Failed to replace the CA signed certificate via SDDC manager UI.
search cancel

Failed to replace the CA signed certificate via SDDC manager UI.

book

Article ID: 413145

calendar_today

Updated On:

Products

VMware vCenter Server 8.0 VMware vCenter Server

Issue/Introduction

Environment

VMware vCenter Server 8.0

VMware vCenter Server 7.0

Cause

This type of issue can happened when certificate provided by authority is not sign by CRL & Certificate & CRL signing must be enabled. 

Example : 

Without Signed certificate :

4c:b8:4c:87:0f:45:32:67:a2:eb: c2:df:fd:23:3f:
ab:19:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:56:EE:DC:05:1D:27:3C:C1:FA:20:64:4A:BF:CC:B9:21:A7:B3:FE
X509v3 Authority Key Identifier:
3E:56:EE:DC:05:1D:27:3C:C1:FA:20:64:4A:BF:CC:B9:21:A7:B3:FE
X509v3 Basic Constraints: critical
CA: TRUE
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
29:a9:35:53:5e:0e:a6:22:ec:76:42:46:5f:e5:87:07:0a:68:
a9:9b:28:cb: e4:ae:52:13:16:7b:26:67:fd: 50:be:f4:68:84:

 

Signed certificate :


9a:5c:7c:2d:2c:e2:3d:96:30:30:c8:81:a4:59:72:
e5:a6:4d: a3:30:48:7e:f4:7c:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:D7:49:1D:E8:C4:58:47:A6:8C:67:9A:75:FC:44:24:FE:CD:BA:96
X509v3 Key Usage: critical
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
3c:a8:13:67:66:15:65:88:56:1f:88:5f:66:be:a9:5f:b4:55:
3c:86:4f:dd:1a:7e:63:9b:e4:1e:22:cb:1e:f9:99:3b:ce:0a:
3f:19:48:3e:2a:5b:48:22:d7:27:0c:cb: a6:fe:4b:0d:a0:f0:
4c:12:8a:37:4c:3f: 67:db:d2:02:cf:7a:2f:d5:ba:11:36:39:

Resolution

Please get the certificate with CRL sign from the authority and try to install it.

Additional Information

Powered by Wolken Software