vCenter services, vmware-certificatemanager and vmware-certificateauthority, fail to start

search cancel

vCenter services, vmware-certificatemanager and vmware-certificateauthority, fail to start

book

Article ID: 394478

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Multiple vCenter services fail to start including:

vmware-certificateauthority
vmware-certificatemanager
vmware-vpxd-svcs

The /var/log/vmware/certificateauthority/certificateauthority-svcs.log contains entries similar to the below:
Exception in invoking authentication handler [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1076)

Environment

vCenter Server 8.x

Cause

One of the CA certificates in the vCenter's Machine SSL certificate chain are missing/expired in VMware Directory

Resolution

Leverage vCert.py from KB 385107 to verify the CA certificates which are published in VMware Directory.

vCert.py Option 2 - View vCenter Certificates
- Option 3 - CA certificates in VMware Directory

Once the missing certificate has been identified, use the following vCert.py options to publish the missing CA certificate.

vCert.py Option 3 - Manage vCenter Certificates
- Option 3 - CA certificates in VMware Directory
- Option 1 - Publish CA certificate(s) to VMware Directory

Once the missing CA certificate has been published, restart the vCenter services, or reboot the vCenter Appliance.

Feedback

thumb_up Yes

thumb_down No