Connection to Kubernetes Server using Ingress via vRO workflow fails with One or more certificates in the chain are not valid.Error: signature check failed. PKIX path validation failed
search cancel

Connection to Kubernetes Server using Ingress via vRO workflow fails with One or more certificates in the chain are not valid.Error: signature check failed. PKIX path validation failed

book

Article ID: 417018

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • Running REST related workflows such as "Add a Rest Host" in Aria Orchestrator fail when trying to reach Kubernetes backed servers which use Ingress Controllers.
  • For example:
    • 2025-09-09 14:31:25.022 +02:00 info https://server.example.com
2025-09-09 14:31:25.133 +02:00 warning One or more certificates in the chain are not valid.Error: signature check failed
PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
Certificate chain details:ยท
Validity : [From : ### ##, #### To : ### ##, ####]
Common Name (6 characters min) : Kubernetes Ingress Controller Fake Certificate
Organization : Acme Co
Fingerprint (MD5) : ################################
Public key : RSA 
Serial Number : ## ## ## ## ---------------------------------
2025-09-09 14:31:25.238 +02:00 info *** Add a REST host START:
2025-09-09 14:31:25.239 +02:00 info 9/9/2025 @ 12:31:25.238
2025-09-09 14:31:25.240 +02:00 info*** Add a REST host End
2025-09-09 14:31:25.286 +02:00 info REST host added: https://server.example.com

Environment

  • Aria Automation 8.18.x (Embedded Orchestrator)
  • Aria Orchestrator 8.18.x

Cause

  • The Server Name Indication (SNI) configuration is absent from the particular server or service.
  • More information on SNI can be found here:

Resolution

  • Set the SNI details on the specific server or service.
Powered by Wolken Software