• When updating the JMX ssl certificate for the endpoint configuration of a cell, an error similar to the following is displayed:
  
  Failed to retrieve RMIServer stub: javax.naming.CommunicationException ... Unable to construct a valid chain - Certification path could not be validated. - Could not validate certificate: certificate expired on <date and time stamp>
  
  
• FIPS mode is enabled on the VMware Cloud Director cell.

VMware Cloud Director 10.6.x

FIPS mode introduces additional validation in the VMware Cloud Director configuration and it can cause trust failures when administrating the JMX endpoint if it cannot trust the installed certificate.

In order to work around this behavior, perform the following steps:

1. Disable FIPS mode temporarily for the VMware Cloud Director (vCD) implementation.
2. Update the certificate on the JMX endpoint.
3. Re-enable FIPS mode

Please note: Adjusting the FIPS configuration will require a restart of vCD services as well as adjust the security posture in the environment. So, appropriate planning will be required to accommodate your business requirements.

There is a limitation that may require the new certificate to be explicitly trusted, as discussed in the known issues section of the following release notes document:

VMware Cloud Director 10.6 Release Notes

Please refer to the section entitled: You might receive an unable to find valid certification path to request target - PKIX path building failed error when changing the JMX certificate of a cell using the UI.

For more information regarding the management of the endpoint SSL certificates for a cell, please refer to the following:

View and Manage Your VMware Cloud Director Cell Infrastructure

For information about enabling and disabling FIPS mode on a cell, please refer to the document below:

Activate or Deactivate FIPS Mode on Your VMware Cloud Director Appliance