"The certificate is expired" warning displayed when deploying VMware Cloud Proxy OVA from vCenter Server
search cancel

"The certificate is expired" warning displayed when deploying VMware Cloud Proxy OVA from vCenter Server

book

Article ID: 426805

calendar_today

Updated On:

Products

VMware Aria Operations (formerly vRealize Operations) 8.x VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • When attempting to deploy a VMware Cloud Proxy appliance OVA using the Deploy OVF Template option in VMware vCenter Server, the deployment process halts at step 4, "Review Details," displaying a warning message:

"The certificate is expired"

  • Attempting to proceed by selecting Next without acknowledging the warning results in the following blocking error:

"Please acknowledge by ignoring the warnings before proceeding"


Environment

  • VMware Aria Operations 8.x

  • VMware vCenter Server

Cause

The OVA file was packaged with a certificate containing the following details:

 

 The vCenter Server's OVF/OVA validation mechanism correctly identifies the embedded certificate as expired. This triggers the expiration compliance warning and prevents the deployment from continuing until the warning is explicitly dismissed.

Resolution

This is a known issue impacting the OVA packaging process for the currently available versions of the VMware Cloud Proxy appliance. The signing certificate has expired, but it does not affect the functionality of the deployed appliance.

To work around this limitation and proceed with the deployment:

  1. On the "Review Details" step of the Deploy OVF Template wizard, locate the warning banner containing the message: The certificate is expired.
  2. Select the Ignore link within the warning banner. This action acknowledges and accepts the expired certificate, dismissing the warning.
  3. Once the warning is dismissed, the Next button will become active. Click Next to continue with the remaining steps of the deployment process.

Note on Certificate Impact:

The certificate that has expired is exclusively used to digitally sign the OVA file for integrity checking. It is not the SSL/TLS certificate used by the deployed Cloud Proxy appliance for communication with Aria Operations or other endpoints. Accepting the expired OVA signing certificate will not compromise the security or functionality of the deployed Cloud Proxy appliance.

Powered by Wolken Software