Failed to perform specified operation on SDDC Manager. Following conditions do not match - The certificate chain validation failed due to 'Signature does not match'

Article ID: 407108


Products

VMware SDDC Manager

Issue/Introduction

When importing a certificate in VCF 9, the import fails with the following UI error:

Certificate replacement for the appliance has failed. Failed to perform specified operation on SDDC Manager. Following conditions do not match - The certificate chain validation failed due to 'Signature does not match' 

 

Log example from the SDDC Manager log /var/log/vmware/vcf/operationsmanager/operationsmanager.log:

ERROR [vcf_om,66666666666666666] [.CertificateValidator,http-nio-127.0.0.1-7300-exec-4] The certificate 'CN=VM1,OU=US,O=VMWARE,L=US,ST=CA,C=US' issued by 'CN=n Issuing CA ,OU=VMWARE,O=BROADCOM' is expected to issued by 'CN=Root CA,OU=US,O=VMWARE'. Signature does not match.

0000-00-00T00:00:00.000+0000 ERROR [vcf_om,66666666666666666666666] [.TranslationMessage,http-nio-127.0.0.1-7300-exec-4] Can't find resource for bundle java.util.PropertyResourceBundle, key RES_CERT_SPEC_INVALID_CERTIFICATE_CHAIN.remedy

 

Environment

VCF 9

Cause

When the certificate chain option is used, the intermediate certificates are not pulled in from the certificate PEM file.

Resolution

Engineering is aware of this issue, and it should be resolved in the next release.

Workaround: 

See the documentation: https://techdocs.broadcom.com/us/en/vmware-cis/vcf/vcf-9-0-and-later/9-0/fleet-management/certificate-management-9-0/install-third-party-ca-signed-certificates-using-server-certificate-and-certificate-authority-files_9-0.html

Use the Paste text option to add the full certificate chain.
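Before pasting, the chain text can be checked for a missing intermediate, which is what the log message above reports. The script below is an added example, not Broadcom code or part of the original article. It assumes the chain is ordered server certificate first, then each issuing CA, with the root last, and it compares issuer and subject names only (no signature verification).

```python
import base64, re, sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read the DER element at pos; return (tag, content_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return (issuer, subject) as raw DER Name bytes of one certificate."""
    _, pos, _ = _tlv(der, 0)                   # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)                 # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)               # [0] version, or serialNumber in v1
    if tag == 0xA0:
        _, _, end = _tlv(der, end)             # serialNumber
    _, _, issuer_start = _tlv(der, end)        # skip signature algorithm
    _, _, issuer_end = _tlv(der, issuer_start)
    _, _, subject_start = _tlv(der, issuer_end)  # skip validity
    _, _, subject_end = _tlv(der, subject_start)
    return der[issuer_start:issuer_end], der[subject_start:subject_end]

def check_chain(pem_text):
    """Return a list of problems; an empty list means the names chain to a root."""
    blocks = PEM_RE.findall(pem_text)
    if not blocks:
        return ["no CERTIFICATE blocks found"]
    pairs = [names(base64.b64decode(re.sub(r"\s+", "", b))) for b in blocks]
    problems = []
    for i in range(len(pairs) - 1):
        # Byte-wise comparison: a simplification of full X.509 name matching.
        if pairs[i][0] != pairs[i + 1][1]:
            problems.append(f"certificate {i + 1}: issuer is not the subject "
                            f"of certificate {i + 2} (intermediate missing or misordered)")
    if pairs[-1][0] != pairs[-1][1]:
        problems.append(f"certificate {len(pairs)}: last entry is not self-issued, "
                        "chain stops before the root")
    return problems

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1]) as fh:              # path to the chain PEM file
        found = check_chain(fh.read())
    print("\n".join(found) or "issuer/subject names chain up to a self-issued root")
    sys.exit(1 if found else 0)
```

Run it with the path to the PEM file as the only argument; a non-zero exit status means a link in the chain is missing or out of order.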