VCF Automation SSL Certificate Replacement Failure – "Missing values for certain mandatory properties"
search cancel

VCF Automation SSL Certificate Replacement Failure – "Missing values for certain mandatory properties"

book

Article ID: 419111

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

The SSL certificate replacement for the VCF automation appliance <FQDN> failed due to missing values in mandatory certificate properties. The operation terminated with an error indicating incomplete CSR details required for successful certificate processing.

Environment

VCF Automation 9.0
VCF Operations 9.0

 

Cause

If the CSR is generated without the required SAN entries for all VCF-A node FQDNs and the VIP, it will result in a validation failure during the certificate replacement process

Resolution

Regenerate the CSR ensuring all VCF-A node FQDNs and the VIP are included in the SAN field, then proceed with the certificate replacement to avoid validation failure.

Steps:

  1. Re-Generate the CSR with FQDNs of all the nodes (VCF-A and VIP)
  2. Download the CSR
  3. Sign it by external CA
  4. Download the single PEM format file from CA post signing
  5. Import the PEM file into Fleet Management Certificate
  6. Start with cert replacement and wait for the Certificate replacement to complete.

    Note: You will see this banner with the message 'Changes may take some time to appear' 


  7. To check the status of the certificate replacement process, navigate to:
    Fleet Management → Lifecycle → VCF Management → Tasks, and then click on Request Status for detailed insights.

 

Powered by Wolken Software