"Replace cert Failed: Subject Alternate Name (SAN) is empty in the certificate provided", error while trying to import the Machine SSL certificate in vCenter Server.

Article ID: 416683

Products

VMware vCenter Server

Issue/Introduction

  • Error while trying to import the Machine SSL certificate in the vCenter Server.

    [CERTIFICATE] Replace cert Failed: Subject Alternate Name (SAN) is empty in the certificate provided. Please provide a valid vCenter server certificate with a valid SAN field.



  • Trying to import the certificate using the vCert tool gives the following error message:

    File "/root/vCert-6.x.0-########/operation/manage_certificate.py", line 663, in verify_pnid_in_san
    san_lower = get_subject_alternative_names(cert_x509).lower()
    AttributeError: 'NoneType' object has no attribute 'lower'

Environment

  • vCenter Server 8.x
  • vCenter 9.x

Cause

  • The Subject Alternative Name (SAN) field is a primary requirement for vCenter Server certificates. This issue occurs when the vCenter FQDN is missing from the SAN field or when the SAN extension itself is missing from the certificate.
  • This can be verified by opening the certificate on a Windows desktop and looking for the 'Subject Alternative Name' field under the Details tab.
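
The same verification can be done from a shell with OpenSSL before the import. This is an added example, not part of the original article or of vCert: `check_san` and `make_test_cert` are hypothetical helper names, the `vcsa01.example.test` hostname and the throwaway self-signed certificates are constructed, and the case-insensitive comparison is an assumption modelled on the `.lower()` call in the traceback above.

```shell
# check_san CERT FQDN: 0 = FQDN is in the SAN, 1 = no SAN extension,
# 2 = SAN present but FQDN missing, 3 = not a readable certificate.
check_san() {
    cert=$1
    fqdn=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || return 3
    printf '%s\n' "$text" | grep 'X509v3 Subject Alternative Name' >/dev/null || return 1
    # The SAN entries are printed on the line after the extension header.
    san=$(printf '%s\n' "$text" | sed -n '/X509v3 Subject Alternative Name/{n;p;}')
    # One entry per line, trimmed and lower-cased, then an exact match on DNS:<fqdn>.
    printf '%s\n' "$san" | tr ',' '\n' | tr '[:upper:]' '[:lower:]' \
        | sed 's/^ *//; s/ *$//' | grep -qxF "dns:$fqdn" && return 0
    return 2
}

# make_test_cert OUT CN SAN: constructed self-signed test certificate.
# An empty SAN argument produces a certificate without the extension.
make_test_cert() {
    ext=""
    if [ -n "$3" ]; then
        ext=$(printf 'x509_extensions=ext\n[ext]\nsubjectAltName=%s' "$3")
    fi
    printf '[req]\ndistinguished_name=dn\nprompt=no\n%s\n[dn]\nCN=%s\n' "$ext" "$2" > "$1.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -config "$1.cnf" \
        -keyout "$1.key" -out "$1" -days 1 >/dev/null 2>&1
}

# Demo on constructed certificates (placeholder hostname, throwaway keys).
tmp=$(mktemp -d)
make_test_cert "$tmp/nosan.pem" vcsa01.example.test ""
make_test_cert "$tmp/good.pem" vcsa01.example.test "DNS:vcsa01.example.test"
for c in nosan good; do
    check_san "$tmp/$c.pem" VCSA01.example.test \
        && echo "$c: SAN contains the FQDN" || echo "$c: rejected, code $?"
done
rm -rf "$tmp"
```

Exit code 1 corresponds to the missing-extension case behind the vCert `'NoneType'` traceback; exit code 2 corresponds to a SAN that does not list the vCenter FQDN.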

Resolution

Re-generate the CSR from vCenter Server using any of the methods below, and have the Custom CA sign the certificate using the new CSR.

  1. To generate the CSR using the vSphere Client, refer to Generate Certificate Signing Request for Machine SSL Certificate Using the vSphere Client.
    • Enter the vCenter Server FQDN in the Subject Alternative Name field during CSR generation.

  2. To generate the CSR using the vCert tool, refer to vCert - Scripted vCenter expired certificate replacement.
    • Use the menu options: 3. Manage certificates -> 1. Machine SSL certificate -> 2. Replace Machine SSL certificate with a custom CA-signed certificate -> 1. Generate Certificate Signing Request and Private Key

  3. To generate the CSR using the vCenter Certificate Manager CLI, refer to steps 1 to 6 of the KB Replace vCenter Machine SSL certificate Custom Certificate Authority Signed Certificate.

Note: Use the same tool when replacing the certificate. For example, if the CSR was generated from the vSphere Client, use only the vSphere Client for the certificate import.