SSL handshake failure with on-prem replicator after certificate replacement in VMware Cloud Director Availability
Article ID: 405363


Products

VMware Cloud Director

Issue/Introduction

The on-prem replicator appears disconnected in the manager UI.

Errors such as “Generic error occurred during SSL handshake” are seen in the replicator service logs.

In /opt/vmware/h4/manager/log/manager.log, you see messages such as the following:

Connectivity issue for replicator UUID <UUID>

SSL handshake failed – remote host terminated the handshake

Environment

VMware Cloud Director Availability 4.7.3

Cause

This issue occurs when the replacement SSL certificate is generated with a 3,000-bit RSA key. This is a non-standard key size that is not fully compatible with the SSL handshake requirements of the on-prem replicator, so the replicator terminates the handshake.

Resolution

To resolve the issue:

  1. Reissue the SSL certificate using a 2,048-bit RSA key, in line with the cryptographic standards supported by VCDA.

  2. Upload the CA-signed certificate to the VCDA environment.

  3. Restart the following services in the appropriate order:

    • systemctl start tunnel.service
    • systemctl start manager.service
    • systemctl start replicator.service

After completing these steps, the SSL handshake should succeed, and connectivity with the on-prem replicator will be restored.
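The following script is an added example and is not part of the KB article or the VCDA product. It covers two points from this article: it extracts the replicator UUIDs that manager.log reports with a connectivity issue (the log line format is the one quoted above), and it checks the RSA modulus size of a replacement key or certificate before it is uploaded, so that a 3,000-bit key is caught before step 2 rather than after the services restart. It needs only openssl and POSIX sh. The list of accepted sizes (2048, 3072, 4096) is an assumption beyond the KB, which only names 2,048 bits as the size to reissue with and 3,000 bits as unsupported; confirm the list against the VCDA guide for your version.

```shell
#!/bin/sh
# Added example (not from the KB): pre-flight checks for a VCDA certificate
# replacement. Requires openssl. Paths in comments are from the KB; the
# accepted-size list is an assumption to be confirmed against the VCDA guide.

# Print each distinct replicator UUID that manager.log flags with a
# connectivity issue. Log line format taken from the KB:
#   "Connectivity issue for replicator UUID <UUID>"
disconnected_replicators() {
  # $1 = path to manager.log (on the appliance: /opt/vmware/h4/manager/log/manager.log)
  sed -n 's/.*Connectivity issue for replicator UUID \([0-9a-fA-F-]*\).*/\1/p' "$1" | sort -u
}

# Print the RSA modulus size in bits of a PEM private key or certificate.
# The sed pattern matches both OpenSSL 1.1 output ("RSA Public-Key: (2048 bit)",
# "RSA Private-Key: (2048 bit, 2 primes)") and OpenSSL 3 output
# ("Public-Key: (2048 bit)", "Private-Key: (2048 bit, 2 primes)").
rsa_bits_of() {
  {
    if grep -q 'BEGIN CERTIFICATE' "$1"; then
      openssl x509 -in "$1" -noout -text
    else
      openssl rsa -in "$1" -noout -text
    fi
  } | sed -n 's/.*-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Accept only standard RSA sizes of at least 2048 bits. 2048 is the size the
# KB says to reissue with; 3000 is the unsupported custom size it describes.
# 3072 and 4096 are included as an assumption; trim the list if your VCDA
# version documents otherwise.
rsa_size_supported() {
  case "$1" in
    2048|3072|4096) return 0 ;;
    *) return 1 ;;
  esac
}

# Check one key or certificate file. Returns 0 when the material is safe to
# upload, 1 when the size is unsupported, 2 when no RSA size could be read.
check_replacement_material() {
  bits=$(rsa_bits_of "$1")
  if [ -z "$bits" ]; then
    echo "$1: could not read an RSA key size (not an RSA key/certificate?)" >&2
    return 2
  fi
  if rsa_size_supported "$bits"; then
    echo "$1: RSA $bits-bit key, OK to upload"
    return 0
  fi
  echo "$1: RSA $bits-bit key is not a supported size; reissue with a 2048-bit key" >&2
  return 1
}

# Usage on the appliance (file names assumed):
#   . ./vcda_precheck.sh
#   disconnected_replicators /opt/vmware/h4/manager/log/manager.log
#   check_replacement_material /tmp/new-vcda.key && check_replacement_material /tmp/new-vcda.crt
```

Run the checks before uploading the certificate in step 2; a non-zero exit from `check_replacement_material` means the key must be reissued, which is step 1 of the resolution above. `disconnected_replicators` can be rerun after the service restarts in step 3 to confirm no new connectivity-issue lines appear for the replicator UUID.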

Additional Information

As per the VCDA guide, RSA keys must be 2,048 bits or larger; do not use unsupported custom sizes such as 3,000 bits.