vCD Services fails to start after importing CA Signed Certificates

search cancel

vCD Services fails to start after importing CA Signed Certificates

book

Article ID: 386329

calendar_today

Updated On:

Products

VMware Cloud Director

Issue/Introduction

After installing CA signed certificates the vCD service is failing to start.
The cell-runtime.log contains the following error message...

Caused by: java.security.KeyStoreException: Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not valid
at java.base/sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:688)
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:585)
at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:111)
at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:1174)
at com.vmware.vcloud.common.crypto.http.ProductKeyStore.load(ProductKeyStore.java:169)
at com.vmware.vcloud.common.ssl.SslSourceFactory.<init>(SslSourceFactory.java:35)
... 74 more
Caused by: java.security.KeyStoreException: Certificate chain is not valid
at java.base/sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:635)
... 79 more

Environment

VMware Cloud Director 10.x

Resolution

Correct the certificate chain to be in the following order:

Primary > Intermediate > Intermediate 2 > Root

Additional Information

https://docs.vmware.com/en/VMware-Cloud-Director/10.3/VMware-Cloud-Director-Install-Configure-Upgrade-Guide/GUID-DD6CC590-DA49-4700-AD7F-12E9631DDBAF.html#GUID-DD6CC590-DA49-4700-AD7F-12E9631DDBAF

Feedback

thumb_up Yes

thumb_down No