Configuring Microsoft CA certificate on SDDC manager fails - CA server URL not reachable unable to get certificate


Article ID: 396705


Products

VMware SDDC Manager

Issue/Introduction

  • Configuring SDDC Manager with a Microsoft Certificate Authority fails. 
    Certificate Authority > Configure Certificate Authority > Certificate Authority Type: Microsoft
  • An "Unable to get certificate" error is displayed when you click Save.

operationsmanager.log:

 

yyy-mm-ddT06:53:15.364+0000 ERROR [vcf_om,ce844217ff0c44ca,6fa3] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7300-exec-3] [620VNF]  CERTIFICATE_GET_FAILED class sun.security.ec.ECPublicKeyImpl cannot be cast to class java.security.interfaces.RSAPublicKey 
(sun.security.ec.ECPublicKeyImpl is in module jdk.crypto.ec of loader 'platform'; java.security.interfaces.RSAPublicKey is in module java.base of loader 'bootstrap')

com.vmware.vcf.certmgmt.common.exception.CertMgmtRestException: class sun.security.ec.ECPublicKeyImpl cannot be cast to class java.security.interfaces.RSAPublicKey (sun.security.ec.ECPublicKeyImpl is in module jdk.crypto.ec of loader 'platform'; java.security.interfaces.RSAPublicKey is in module java.base of loader 'bootstrap')
        at com.vmware.vcf.certmgmt.rest.api.controller.v1.CertificateManagementController.getServerCertificate(CertificateManagementController.java:109)
        at jdk.internal.reflect.GeneratedMethodAccessor1802.invoke(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:569)

Caused by: java.lang.ClassCastException: class sun.security.ec.ECPublicKeyImpl cannot be cast to class java.security.interfaces.RSAPublicKey (sun.security.ec.ECPublicKeyImpl is in module jdk.crypto.ec of loader 'platform'; java.security.interfaces.RSAPublicKey is in module java.base of loader 'bootstrap')

Environment

VMware Cloud Foundation 4.x.
VMware Cloud Foundation 5.x

Cause

  • The provided Microsoft certificate uses the Elliptic Curve (EC) algorithm, which is not supported.
  • SDDC Manager supports only RSA algorithm certificates. Non-RSA-based certificates are currently unsupported for all VCF 4.x, 5.x and future releases.

 

Resolution

Configure the Certificate Authority with a certificate that uses a supported algorithm (RSA) for the SDDC Manager.
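One way to confirm the key algorithm before saving the configuration, as an added example that is not part of the original article or of SDDC Manager: the script reads a PEM certificate with openssl and reports whether its public key is RSA. The function names are hypothetical, and the two certificates it checks are throwaway samples constructed on the spot.

```shell
#!/usr/bin/env bash
# Added example (not VMware code). To check a real CA server, first save its
# certificate to a PEM file, for instance (host is a placeholder):
#   openssl s_client -connect <ca-server-host>:443 </dev/null | openssl x509 -out ca-server.pem

# Print the "Public Key Algorithm" field, e.g. rsaEncryption or id-ecPublicKey.
cert_key_algorithm() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        awk -F': ' '/Public Key Algorithm/ {sub(/[ \t\r]+$/, "", $2); print $2; exit}'
}

# Hypothetical helper: 0 = RSA (supported), 1 = other algorithm, 2 = unreadable.
check_sddc_ca_cert() {
    local alg
    alg=$(cert_key_algorithm "$1")
    case "$alg" in
        rsaEncryption) echo "OK: $1 uses RSA"; return 0 ;;
        "")            echo "ERROR: $1 is not a readable PEM certificate"; return 2 ;;
        *)             echo "UNSUPPORTED: $1 uses $alg (RSA required)"; return 1 ;;
    esac
}

# Constructed sample input: one RSA and one EC self-signed certificate.
make_sample_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-rsa" \
        -keyout "$1/rsa.key" -out "$1/rsa.pem" 2>/dev/null
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -days 1 \
        -subj "/CN=constructed-ec" -keyout "$1/ec.key" -out "$1/ec.pem" 2>/dev/null
}

demo() {
    local tmp
    tmp=$(mktemp -d)
    make_sample_certs "$tmp"
    check_sddc_ca_cert "$tmp/rsa.pem"
    # The EC certificate is the case that produces the ClassCastException above.
    check_sddc_ca_cert "$tmp/ec.pem" || true
    rm -rf "$tmp"
}
demo
```
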

 

Additional Information