vCenter gives an error when uploading a trusted certificate in the trusted store repository

Article ID: 414688

Products

VMware vCenter Server 8.0

Issue/Introduction

Adding a certificate to the Trusted Root store of the vCenter fails with an error message.

In an SSH session to the vCenter, open /var/log/vmware/certificatemanagement/certificatemanagement-svcs.log, which contains the following entry:

YYYY-MM-DD [tomcat-exec-10 [] WARN com.vmware.vapi.internal.bindings.ApiMethodSkeleton opId=] Implementation method reported unexpected exception: com.vmware.vapi.std.errors.Error
com.vmware.vapi.std.errors.Error: Error (com.vmware.vapi.std.errors.error) => {
    messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => { 
    id = com.vmware.certificatemanagement.error,
    defaultMessage = Internal Server Error (Certificate bearing subject CN=* .cn-name is not a valid CA certificate. Please retry with a valid certificate chain)
 

 

Environment

vCenter 8.U3

Cause

The certificate being added to the Trusted Root Store is not a valid Root Certificate.

Resolution

To resolve this issue:

  • Investigate the certificate being added and confirm the certificate chain is valid.
    • vSphere Certificate Requirements for Different Solution Paths
      • https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/vsphere-authentication-8-0/vsphere-security-certificates-authentication/certificate-requirements-for-different-solution-paths-authentication.html
  • Engage with your Custom CA to obtain a valid certificate with the required attributes present.
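
One way to carry out the first step before retrying the upload, as an added example that is not part of the original article or Broadcom tooling: a shell function that uses `openssl x509` to test whether a PEM file has the X.509 attributes of a CA certificate. The name `check_ca_cert` and its messages are hypothetical, and the article does not state which checks vCenter performs, so the criteria used here are assumptions based on standard X.509 rules.

```bash
# Added example: check whether a PEM certificate has the X.509 attributes of a
# CA certificate. check_ca_cert is a hypothetical helper, not a vCenter tool.
# Assumed criteria (standard X.509, not taken from vCenter's code):
#   - Basic Constraints asserts CA:TRUE
#   - Key Usage, when present, includes Certificate Sign
# Returns 0 = CA attributes present, 1 = not a CA certificate, 2 = unreadable.
# Usage: check_ca_cert /path/to/candidate.pem
check_ca_cert() {
    local pem="$1" text subject issuer

    # Parse once; stop early if the file is not a PEM-encoded certificate.
    text=$(openssl x509 -in "$pem" -noout -text 2>/dev/null) || {
        echo "ERROR: $pem is not a readable PEM certificate" >&2
        return 2
    }

    subject=$(openssl x509 -in "$pem" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$pem" -noout -issuer | sed 's/^issuer= *//')
    echo "subject: $subject"
    echo "issuer:  $issuer"

    # Leaf certificates carry CA:FALSE or omit the extension entirely.
    if ! printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'; then
        echo "FAIL: Basic Constraints does not assert CA:TRUE (end-entity certificate)"
        return 1
    fi

    # A CA certificate that restricts Key Usage must still allow signing certificates.
    if printf '%s\n' "$text" | grep -q 'X509v3 Key Usage' &&
       ! printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage' | grep -q 'Certificate Sign'; then
        echo "FAIL: Key Usage is present but lacks Certificate Sign"
        return 1
    fi

    # A root is self-signed, so subject and issuer are identical.
    if [ "$subject" = "$issuer" ]; then
        echo "OK: self-signed certificate with CA attributes (root CA)"
    else
        echo "OK: CA attributes present, issued by another CA (intermediate)"
    fi
    return 0
}
```

A wildcard server certificate such as the one named in the log entry would be reported by the first check, since end-entity certificates do not assert CA:TRUE.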