Error downloading plug-in. Make sure that the URL is reachable and the registered thumbprint is correct. Unable to find certificate chain.

search cancel

Error downloading plug-in. Make sure that the URL is reachable and the registered thumbprint is correct. Unable to find certificate chain.

book

Article ID: 407936

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Installation of Cisco or VxRail Manager remote plugin on vCenter fails with Error: Error downloading plug-in. Make sure that the URL is reachable and the registered thumbprint is correct. Unable to find certificate chain.

When running the following commands from the command prompt of vCenter, you receive two different thumbprint values:

VxRail:

/opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB -c "select server_thumbprint from vpx_ext_server where ext_id = '(com.vmware.vxrail)';"

server_thumbprint
-------------------------------------------------------------------------------------------------
3A:2B:1C:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

and
echo | openssl s_client --connect <vxrail_fqdn_here>:<vxrail_port_here> 2> /dev/null | openssl x509 -fingerprint -sha256 -noout
sha256 Fingerprint=1A:2B:3C:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

Cisco:
/opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB -c "select server_thumbprint from vpx_ext_server where ext_id = 'com.ucs.manager.plugin';"

server_thumbprint
-------------------------------------------------------------------------------------------------
3A:2B:1C:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

and
echo | openssl s_client --connect <ucsm_fqdn_here>:<ucsm_port_here> 2> /dev/null | openssl x509 -fingerprint -sha256 -noout
sha256 Fingerprint=1A:2B:3C:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

Environment

vCenter Server 8+

Cisco UCSM Remote Plugin 4.0.1

VxRail HTML5 Client Plugin 9.1.0.0

Cause

This issue occurs when Vendor appliance fails to update the thumbprint for it's plugin.

Resolution

Manually update the database for the VxRail/UCSM extension with the correct sha256 thumbprint.

NOTICE: Before performing the above, ensure you have proper backups of vCenter. If choosing snapshots, ensure you are following best practice as outlined in VMware vCenter in Enhanced Linked Mode pre-changes snapshot (online or offline) best practice.

NOTE: Your fingerprint of VxRail and UCSM FQDN/port should reflect those found in your environment.

1. Obtain the current thumbprint:

Cisco UCSM
- echo | openssl s_client --connect <ucsm_fqdn>:443 2> /dev/null | openssl x509 -fingerprint -sha256 -noout
  sha256 Fingerprint=1A:2B:3C:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
VxRail Appliance
- echo | openssl s_client --connect <vxrail_fqdn>:443 2> /dev/null | openssl x509 -fingerprint -sha256 -noout
  sha256 Fingerprint=1A:2B:3C:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX

2. Stop the vpxd service:

service-control --stop vmware-vpxd

3. Update the postgres database with the thumbprint obtained above:

Cisco UCSM
- /opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB -c "update vpx_ext_server set server_thumbprint = '1A:2B:3C:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX' where ext_id = 'com.ucs.manager.plugin';"
VxRail Appliance
- /opt/vmware/vpostgres/current/bin/psql -U postgres -d VCDB -c "update vpx_ext_server set server_thumbprint = '1A:2B:3C:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX' where ext_id = 'com.vmware.vxraiI';"

4. Restart all vCenter services:

service-control --stop --all && service-control --start --all

Additional Information

Further troubleshooting should be performed by vendor, as the plugin provider should update the thumbprint as necessary.

Feedback

thumb_up Yes

thumb_down No