When upgrading vCenter Server from 7.0 to 8.0, the Stage 2 precheck fails with the following error: "Invalid SSO credentials for source appliance . The passed address did not match any address values in the server certificate ['']"
VMware vCenter Server 7.0
VMware vCenter Server 8.0
During Stage 2, the upgrade wizard attempts to connect to the source vCenter Server using certificate authentication. The issue arises because the source vCenter Server’s Machine SSL certificate does not include the specified IP address in the Subject Alternative Name (SAN) or IP address fields.
To verify if the IP address is missing, run the following command:
/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text
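The check above can be scripted so the SAN entry is compared exactly rather than read by eye. This is an added example, not part of the original article or of VMware's tooling. It assumes the --text output shows the Subject Alternative Name extension in the usual OpenSSL text layout and that the address is IPv4; the helper name san_has_ip and the sample values are constructed.

```shell
# Constructed sample: certificate text in the usual OpenSSL layout, with
# documentation-range values (not output from a real vCenter Server).
SAMPLE_CERT_TEXT='Certificate:
    Data:
        Subject: CN=vcsa.example.test
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:vcsa.example.test, IP Address:192.0.2.10
            X509v3 Key Usage:
                Digital Signature, Key Encipherment'

# san_has_ip IP
# Reads certificate text on stdin; returns 0 only if IP appears as an
# "IP Address:" entry in the Subject Alternative Name extension.
# Hypothetical helper name. Entries are compared whole, so 192.0.2.1 does not
# match 192.0.2.10, and an address listed only as "DNS:" does not count.
san_has_ip() {
    awk -v want="IP Address:$1" '
        /X509v3 Subject Alternative Name/ { in_san = 1; next }
        in_san {
            # The line after the extension header holds the comma-separated entries.
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                entry = parts[i]
                gsub(/^[ \t]+|[ \t]+$/, "", entry)
                if (entry == want) found = 1
            }
            in_san = 0
        }
        END { exit(found ? 0 : 1) }
    '
}

# On the appliance (assumed usage; use the address entered in the upgrade wizard):
#   /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text | san_has_ip 192.0.2.10
if printf '%s\n' "$SAMPLE_CERT_TEXT" | san_has_ip 192.0.2.10; then
    echo "192.0.2.10 is in the SAN"
else
    echo "192.0.2.10 is missing from the SAN"
fi
```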
Note: Take an offline snapshot of the vCenter Server before making any changes.
To resolve this issue, replace the Machine SSL certificate to include the vCenter’s IP address in both the IP address and SAN fields. Follow these steps using the vCert utility:
Run vCert Utility:
Refer to: vCert - Expired Certificate Replacement Script
Manage Certificates:
From the vCert menu, select Option 3: Manage Certificates, then Sub-option 1: Manage Machine SSL Certificate.
Replace Certificate:
Choose Sub-option 1 to replace the certificate with the default CA.
Restart Upgrade Process:
After replacing the certificate, delete the VM created in Stage 1 and restart the upgrade process.
Continuing the upgrade from Stage 2 without replacing the certificate may result in a thumbprint mismatch issue between the Stage 1 VM and the Stage 2 process, as the certificate replacement changes the thumbprint. Therefore, restarting the upgrade process (from Stage 1) is recommended after the certificate update.