Removing CA Certificates from the TRUSTED_ROOTS failed "The file contains more than 1 certificate"


Article ID: 426867


Products

VMware vCenter Server 8.0
VMware vCenter Server

Issue/Introduction

Environment

VMware vCenter Server 7.0.x
VMware vCenter Server 8.0.x

Cause

The expired TRUSTED_ROOTS certificate file contains multiple certificates.

Resolution

  • Open the .cer file using cat /root/<OLD cert>.cer
    cat <OLD cert>.cer

    -----BEGIN CERTIFICATE-----
    certificate1
    -----END CERTIFICATE-----

    -----BEGIN CERTIFICATE-----
    certificate2
    -----END CERTIFICATE-----
  • Save the first certificate to a separate file.
    openssl x509 -in /tmp/<OLD cert>.cer -out /tmp/oldcert1.cer
  • Unpublish the saved certificate.
    /usr/lib/vmware-vmafd/bin/dir-cli trustedcert unpublish --cert /tmp/oldcert1.cer 
  • Follow the rest of the steps from the KB "Verify and remove CA Certificates from the TRUSTED_ROOTS store in the VMware Endpoint Certificate Store(VECS)".
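
The steps above save only the first certificate in the file. The following is an added example, not part of the original KB or a VMware script, that generalizes this: it splits every PEM block into its own file so each one can be inspected before it is passed to dir-cli trustedcert unpublish --cert. The function names and the cert1.cer, cert2.cer output naming are assumptions.

```shell
#!/bin/bash
# Added example: split a multi-certificate .cer (PEM) file into single-certificate files.
# Function names and the certN.cer naming are assumptions, not from the KB.

# count_pem_certs FILE -> prints how many certificates FILE contains
count_pem_certs() {
    awk '/-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# split_pem_bundle FILE OUTDIR -> writes OUTDIR/cert1.cer, OUTDIR/cert2.cer, ...
# Only lines between BEGIN and END markers are copied; blank lines and any
# text between the blocks are dropped.
split_pem_bundle() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%d.cer", dir, n); inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
    ' "$1"
}

# describe_certs OUTDIR -> prints subject and expiry date of each split file,
# to identify which certificate is the expired CA. Requires real certificates.
describe_certs() {
    for f in "$1"/cert*.cer; do
        echo "== $f"
        openssl x509 -in "$f" -noout -subject -enddate
    done
}

# Constructed sample: two PEM blocks with placeholder bodies, as in the listing above.
demo_dir=$(mktemp -d)
printf '%s\n' \
    '-----BEGIN CERTIFICATE-----' 'certificate1' '-----END CERTIFICATE-----' '' \
    '-----BEGIN CERTIFICATE-----' 'certificate2' '-----END CERTIFICATE-----' \
    > "$demo_dir/bundle.cer"

echo "certificates in bundle: $(count_pem_certs "$demo_dir/bundle.cer")"
split_pem_bundle "$demo_dir/bundle.cer" "$demo_dir/split"
ls "$demo_dir/split"
```

On a real file, run describe_certs on the output directory and confirm the subject and end date of each certificate before unpublishing it.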

Additional Information

Verify and remove CA Certificates from the TRUSTED_ROOTS store in the VMware Endpoint Certificate Store(VECS)

Removing CA Certificates from the TRUSTED_ROOTS store in the VMware Endpoint Certificate Store(VECS) in vCSA using script