vCD Services fails to start after importing CA Signed Certificates

Article ID: 386329

Products

VMware Cloud Director

Issue/Introduction

  • After installing CA-signed certificates, the vCD service fails to start.
  • The cell-runtime.log contains the following error message:
Caused by: java.security.KeyStoreException: Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not valid
        at java.base/sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:xxx)
        at java.base/sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:xxx)
        at java.base/sun.security.util.KeyStoreDelegator.engineSetKeyEntry(KeyStoreDelegator.java:xxx)
        at java.base/java.security.KeyStore.setKeyEntry(KeyStore.java:xxxx)
        at com.vmware.vcloud.common.crypto.http.ProductKeyStore.load(ProductKeyStore.java:xxx)
        at com.vmware.vcloud.common.ssl.SslSourceFactory.<init>(SslSourceFactory.java:xx)
        ... 74 more
Caused by: java.security.KeyStoreException: Certificate chain is not valid
        at java.base/sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:xx)
        ... 79 more

Environment

VMware Cloud Director 10.x

Resolution

Reorder the certificate chain so that the certificates appear in the following order:

Primary > Intermediate > Intermediate 2 > Root

Additional Information

The .pem file should contain only the certificate chain, without any additional clear text or extraneous content. It should follow the format shown below:

-----BEGIN CERTIFICATE-----
<Certificate Information>
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
<Intermediate Certificate Information>
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
<Root Certificate Information>
-----END CERTIFICATE-----

Please ensure there are no extra headers, footers, or comments in the file.
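
One way to check a chain file against the order and format described above before importing it (an added example, not VMware code): it compares each certificate's issuer name with the next certificate's subject name and reports any text outside the certificate blocks. It checks name chaining only and does not verify signatures; the function names and the script name check_chain.py are illustrative.

```python
import base64, re, sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Decode one DER header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return (issuer, subject) of one certificate as raw DER Name bytes."""
    _, start, _ = _tlv(der, 0)              # Certificate SEQUENCE
    _, pos, end = _tlv(der, start)          # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = _tlv(der, pos)
        fields.append((tag, der[pos:nxt]))
        pos = nxt
    if fields[0][0] == 0xA0:                # optional [0] version field
        fields.pop(0)
    # Remaining order: serialNumber, signature, issuer, validity, subject, ...
    return fields[2][1], fields[4][1]

def check_chain(pem_text):
    """Return a list of problems; an empty list means the order looks right."""
    problems = []
    stray = PEM_RE.sub("", pem_text).strip()
    if stray:
        problems.append("text outside certificate blocks: %r" % stray[:40])
    try:
        certs = [names(base64.b64decode(b)) for b in PEM_RE.findall(pem_text)]
    except (ValueError, IndexError):
        return problems + ["a certificate block is not valid DER"]
    if not certs:
        return problems + ["no certificate blocks found"]
    for i in range(len(certs) - 1):
        if certs[i][0] != certs[i + 1][1]:  # issuer must equal next subject
            problems.append("certificate %d is not issued by certificate %d"
                            % (i + 1, i + 2))
    if certs[-1][0] != certs[-1][1]:
        problems.append("last certificate is not a self-issued root")
    return problems

if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: check_chain.py <chain.pem>")
    else:
        found = check_chain(open(sys.argv[1]).read())
        print("\n".join(found) or "chain order OK")
```

An empty result means the file contains only certificate blocks and each one is issued by the certificate that follows it, ending in a self-issued root.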

This requirement is also described in the following document:

Add a CA Certificate to the Edge Gateway for SSL Certificate Trust Verification Using Your VMware Cloud Director Service Provider Admin Portal

For more information:
Import Certificates to the Certificates Library Using Your VMware Cloud Director Service Provider Admin Portal
SSL Certificate Creation and Management of Your VMware Cloud Director Appliance