Replace cert Failed: Exception found (Invalid input certificate: DNS in Subject Alternative Name is not correct. DNS Name must contain machine FQDN.)

Article ID: 411568

Products

VMware vCenter Server

Issue/Introduction

  • Replacing the vCenter self-signed machine SSL certificate with a custom certificate fails with the error below:

         "Replace cert Failed: Exception found (Invalid input certificate: DNS in Subject Alternative Name is not correct. DNS Name must contain machine FQDN.)"

  • The output of the below command shows that the PNID of the vCenter is set to the vCenter IP address, while the hostname is the FQDN:

         /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost && hostname -f

  • Running nslookup against the vCenter IP address also returns the vCenter FQDN.

Environment

VMware vCenter Server 8.X

Cause

This is due to a mismatch between the PNID (the IP address) and the DNS/FQDN name provided in the custom certificate's SAN field: vCenter requires that the DNS name in the certificate match the PNID exactly.

Resolution

Change the PNID of the vCenter via VAMI to match the FQDN/DNS Name.

Link for reference: Reconfigure the Primary Network Identifier

Afterwards, proceed with replacing the self-signed certificate with custom certificates again.
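As an added example that is not part of this article or of VMware's tooling, the following POSIX shell script performs the check vCenter applies during replacement, so the mismatch is caught before the replacement is attempted. It assumes OpenSSL 1.1.1 or later on PATH; the PNID is passed in as an argument (on the appliance it comes from the vmafd-cli command shown above), and the sample certificate it generates is a constructed throwaway.

```shell
#!/bin/sh
# Pre-flight check: does the PNID appear as a DNS entry in the certificate's
# Subject Alternative Name? Added example, not VMware code. Assumes openssl
# 1.1.1+ (-ext and -addext). On the appliance the PNID comes from:
#   /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost

# Print the DNS names from the certificate's SAN extension, one per line.
san_dns_names() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null \
        | tr ',' '\n' \
        | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\)[[:space:]]*$/\1/p'
}

# Returns 0 when the PNID is present as a DNS SAN, 1 otherwise (with the reason).
check_san_matches_pnid() {
    cert="$1"; pnid="$2"
    case "$pnid" in
        *[!0-9.]*) ;;   # contains letters or other chars: treat as a host name
        *)              # digits and dots only: the PNID is an IP address
            echo "PNID '$pnid' is an IP address; vCenter needs a DNS SAN equal to the PNID." >&2
            echo "Reconfigure the PNID to the FQDN via VAMI, then retry the replacement." >&2
            return 1 ;;
    esac
    if san_dns_names "$cert" | grep -qixF -- "$pnid"; then
        echo "OK: DNS SAN contains PNID '$pnid'"
        return 0
    fi
    echo "Mismatch: PNID '$pnid' not among DNS SANs: $(san_dns_names "$cert" | paste -sd ' ' -)" >&2
    return 1
}

# Constructed sample input: a throwaway self-signed certificate with one DNS SAN.
make_sample_cert() {
    dir=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" \
        -subj "/CN=vcenter.example.local" \
        -addext "subjectAltName=DNS:vcenter.example.local" >/dev/null 2>&1
    echo "$dir/cert.pem"
}

# Demo: ./san_check.sh --demo  (real use: check_san_matches_pnid cert.pem "$PNID")
if [ "${1:-}" = "--demo" ]; then
    cert=$(make_sample_cert)
    check_san_matches_pnid "$cert" vcenter.example.local
    check_san_matches_pnid "$cert" 192.0.2.10 || true
fi
```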