Install a new certificate in VCF Operations fails with "Operation failed. If the error persists, contact VMware support."
Article ID: 419314
Updated On:
Products
Issue/Introduction
- When installing a new certificate in VCF Operations following procedure Configure a Certificate For Use With VCF Operations, below error is reported after selecting the certificate PEM file:
Operation failed. If the error persists, contact VMware support. - The following error information is recorded in the
/storage/vcops/log/casa/casa.logfile:
INFO [ajp-nio-127.0.0.1-8011-exec-10] [Dx0005cy] support.subprocess.GeneralCommand:255 - Command '/usr/lib/vmware-python-3/bin/python /usr/lib/vmware-casa/bin/vropsCertificateTool.py -i /storage/db/tmp/uploaded_cert.tmp --no_describe --json --level NONE' threw exception: CommandLineExitException: key=general.failure; args=1,Traceback (most recent call last):File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 1591, in <module>sys.exit(main(sys.argv))^^^^^^^^^^^^^^File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 1555, in maincertificate_file.verify()File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 1227, in verifyrc = self.verify_certificate_chain() and rc^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 886, in verify_certificate_chainsorted_certificates = self._get_sorted_certificate_list()^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 851, in _get_sorted_certificate_listissuer = certs_by_subject[issuer.issuer]ERROR [ajp-nio-127.0.0.1-8011-exec-10] [Dx0005cy] casa.security.SecurityService:1686 - Unexpected error during validateCertificate script execution: Traceback (most recent call last):File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 1591, in <module>sys.exit(main(sys.argv))^^^^^^^^^^^^^^File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 1555, in maincertificate_file.verify()File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 1227, in verifyrc = self.verify_certificate_chain() and rc^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 886, in verify_certificate_chainsorted_certificates = self._get_sorted_certificate_list()^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 851, in _get_sorted_certificate_listissuer = certs_by_subject[issuer.issuer]ERROR [ajp-nio-127.0.0.1-8011-exec-10] [Dx0005cy] casa.security.SecurityService:1264 - Error uploading pemfilecom.vmware.vcops.casa.exception.CasaException: Unexpected error during validateCertificate script execution.WARN [ajp-nio-127.0.0.1-8011-exec-10] [Dx0005cy] casa.exception.CasaControllerExceptionHandler:273 - general runtime exceptioncom.vmware.vcops.casa.exception.CasaException: pemupload failed
Environment
VCF Operations 8.18
Cause
The certificate file does not contain a complete certificate chain.
Resolution
Import a complete certificate chain to VCF Operations.
The certificate can be verified with commands specified in Using the Custom Certificate Tool in VMware Aria Operations. A valid certificate should have an output similar to:
$VMWARE_PYTHON_BIN /usr/lib/vmware-casa/bin/vropsCertificateTool.py -i uploaded_cert.pemFound section: CERTIFICATE description: subject = <subject> issuer = <Intermediate CA>Found section: PRIVATE_KEY description: Key Size = 2048 bitsFound section: CERTIFICATE description: subject = <Intermediate CA> issuer = <Root CA>Found section: CERTIFICATE description: subject = <Root CA> issuer = <Root CA>Input file is valid.
Feedback
