VCF Installer fails on stage "Generate and Install VMCA Certificate on SDDC Manager"
Article ID: 419768
Updated On:
Products
Issue/Introduction
VCF Installer fails on stage "Generate and Install VMCA Certificate on SDDC Manager"
/var/log/vmware/vcf/domainmanager/domainmanager.log: 2025-11-13T03:20:52.451+0000 ERROR [vcf_dm,69154e939207b0499ff306684b0191b2,4328] [c.v.e.s.s.InstallSddcManagerVmcaCertificateLocalAction,dm-exec-23] API failure during install certificate Code: 500, error: {"errorCode":"CERT_REPLACEMENT_FAILED","arguments":[],"message":"Cannot replace existing certificate with the input cert. Validations did not pass.\nMake sure the input cert chain is valid. The structure must be:\n\server cert\followed by \ntermediate certs\ followed by \CA cert\nA self signed server cert\nAll certs in the chain must conform to X.509 standards.\nAlso make sure that the DNS name in both the CN field and the optional Subject Alternative Name extension, is a resolvable hostname","causes":[{"type":"com.vmware.evo.sddc.appliance.utilities.error.CertValidatorException","message":"Cannot replace existing certificate with the input cert. Validations did not pass.
Environment
VCF 9.x
Cause
The date and time set on the VCF Installer / SDDC Manager appliance is not in sync with the vCenter appliance.
Resolution
Ensure NTP is configured on the vCenter Appliance and SDDC Manager and both report the same time (within 45 seconds)
To workaround the issue, see Failed to install VMCA Certificate on SDDC Manager
Additional Information
If converting or importing a brownfield vSphere environment to VCF, see:
- Brownfield convert task fails during "Installing SDDC Manager VCSA certificate" phase
- Converting vSphere environment to VMware Cloud Foundation fails with error "SDDC_MANAGER_INSTALL_CERT_FAILED Failed to install VMCA Certificate on SDDC Manager"
- VCF import tool failed with the error "Failed to install VMCA Certificate on SDDC Manager"
Feedback
