"The hosts in the certificate doesn't match with the provided/product hosts" error during VCF Operations for Logs 9.x deployment precheck.

Article ID: 432560


Products

VCF Operations

Issue/Introduction

The deployment, initiated through Fleet Management > Lifecycle > VCF Management > Components > DEPLOY COMPONENT, triggers a precheck failure specifically during the Certificate Validation task.

  • The SDDC Manager workflow reports a failure during the input schema and component property check phases.

  • The following error is explicitly displayed in the UI: "The hosts in the certificate doesn't match with the provided/product hosts"

  • Validation fails to progress, preventing the deployment of the Log Insight cluster nodes.

 

Environment

VCF Operations 9.x 

VCF Operations for Logs 9.x

Cause

The issue occurred due to an incorrectly generated SSL/TLS certificate for the Aria Operations for Logs cluster. The certificate did not include the required Subject Alternative Name (SAN) entries for all cluster nodes, or the SAN list did not match the FQDNs defined in the VCF deployment parameters.

Resolution

  • Generate a new custom SSL certificate ("Custom SSL Certificate"), ensuring all node FQDNs and the cluster VIP are included as SAN entries.
  • Ensure the SAN attributes specifically match the case-sensitive FQDNs used in the VCF configuration.
  • Replace the existing invalid certificate with the newly generated one.
  • Verify that you concatenate the entire body of each certificate into a single text file in the following order.
    a. The Private Key - your_domain_name.key
    b. The Primary Certificate - your_domain_name.crt
    c. The Intermediate Certificate - DigiCertCA.crt
    d. The Root Certificate - TrustedRoot.crt
  • Verify that you include the beginning and ending tags of each certificate in the following format.
    -----BEGIN PRIVATE KEY-----
    (Your Private Key: your_domain_name.key)
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    (Your Primary SSL certificate: your_domain_name.crt)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (Your Intermediate certificate: DigiCertCA.crt)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (Your Root certificate: TrustedRoot.crt)
    -----END CERTIFICATE-----
  • Execute the VCF Install precheck again to confirm that "Input Schema Validation" and "Component Property" checks pass.
  • For more information, refer to Install a Custom SSL Certificate.
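
A pre-flight check for the bundle layout and SAN list described above, as an added example that is not part of the original article or of any VMware tooling. The FQDNs, the placeholder block bodies and all function names are constructed for illustration; the SAN list is assumed to have been read from the certificate beforehand.

```python
import re

# Block order the article requires: private key, primary, intermediate, root.
EXPECTED_ORDER = ["PRIVATE KEY", "CERTIFICATE", "CERTIFICATE", "CERTIFICATE"]
TAG = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")

def pem_block_labels(text):
    """Return PEM block labels in file order; raise ValueError on unbalanced tags."""
    labels, open_label = [], None
    for n, line in enumerate(text.splitlines(), 1):
        m = TAG.match(line.strip())
        if not m:
            continue
        kind, label = m.groups()
        if kind == "BEGIN":
            if open_label is not None:
                raise ValueError(f"line {n}: BEGIN {label} inside unclosed {open_label}")
            open_label = label
        elif label != open_label:
            raise ValueError(f"line {n}: END {label} has no matching BEGIN")
        else:
            labels.append(label)
            open_label = None
    if open_label is not None:
        raise ValueError(f"missing END tag for {open_label}")
    return labels

def bundle_order_ok(text):
    """True when the bundle holds exactly key, primary, intermediate, root in that order."""
    return pem_block_labels(text) == EXPECTED_ORDER

def san_problems(cert_sans, expected_hosts):
    """Map each expected FQDN without an exact (case-sensitive) SAN match to the reason."""
    sans = set(cert_sans)
    lowered = {s.lower() for s in sans}
    return {h: ("case mismatch" if h.lower() in lowered else "missing")
            for h in expected_hosts if h not in sans}

def pem_block(label, body="QUJD"):  # constructed placeholder body, not real key material
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample data: hypothetical FQDNs and a bundle in the required order.
SAMPLE_BUNDLE = pem_block("PRIVATE KEY") + pem_block("CERTIFICATE") * 3
SAMPLE_HOSTS = ["logs-vip.example.test", "logs-01.example.test", "logs-02.example.test"]
# SAN DNS names as read from the certificate, e.g. with: openssl x509 -noout -ext subjectAltName
SAMPLE_SANS = ["logs-vip.example.test", "Logs-01.example.test"]

if __name__ == "__main__":
    print("bundle order ok:", bundle_order_ok(SAMPLE_BUNDLE))
    print("SAN problems:", san_problems(SAMPLE_SANS, SAMPLE_HOSTS))
```

An empty result from `san_problems` together with `bundle_order_ok` returning True means the file matches the layout and host list this article asks for before the precheck is rerun.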