After the machine_ssl certificate of the publisher content library is changed, the subscribed libraries does not sync.

We get the below error in /var/log/vmware/content_library/cls.log:

YYYY-MM-DDThh:mm:ss | ERROR    | #####-#####-#####-h5:#####-##-## | transferService-pool-7-thread | CertificateTrustStrategy       | SSL thumbprint mismatch: Url https://<publisher_vCenter_fqdn>:443/cls/vcsp/lib/#####-#####-#####/#####-#####-#####/<content_library_template_name>, Received ##:##:##:##:##:##:##:##:##:##, expected ##:##:##:##:##:##:##:##:##:##

• vCenter Server 8.0.X

The thumbprint of the publisher vCenter server is not synced with the subscriber vCenter server

Note : Make sure to take a snapshot or backup of the vCenter servers before making any changes to the VCDB. If vCenter is in Enhanced Linked Mode (ELM), then take offline snapshots of all ELM partners before proceeding. See VMware vCenter in Enhanced Linked Mode pre-changes snapshot (online or offline) best practice

• Open an SSH session to the publsiher vCenter server.
• Run the below command:
  • openssl s_client -connect localhost:443 -showcerts </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha1
• Open an SSH session to the subscriber vCenter server and run the below command:
  • /opt/vmware/vpostgres/current/bin/psql -d VCDB -U postgres -c "select name, subscriptionsslthumbprint from cl_library;"
• The thumbprint shown in both sessions would be different.
• Please run the below command to update the correct thumbprint in the subscriber vCenter server.
  • /opt/vmware/vpostgres/current/bin/psql -d VCDB -U postgres -c "update cl_library set subscriptionsslthumbprint = '<correct_publisher-vCenter_thumbprint>' where subscriptionsslthumbprint = '<incorrect_thumbprint>';"