Configure online depot in VCF operations 9.x fails with error 'Error in setting Online depot configuration. '
Article ID: 432656
Updated On:
Products
VCF Operations/Automation (formerly VMware Aria Suite)
Issue/Introduction
- Configuring online depot fails with the error '
Error setting Online depot configuration' - /var/log/vmware/vcf/lcm/lcm-debug.log in SDDC manager shows error similar to below extract:
2026-02-17T09:38:12.495+0000 ERROR [vcf_lcm,0000000000000000,0000] [c.v.e.s.c.util.LocalProcessService,ForkJoinPool.commonPool-worker-18] Local command /opt/vmware/vmware-umds/bin/vmware-umds -D -m --info-level error --proxy-ip <proxyFQDN> --proxy-port <portnumber> --task-id ########-####-####-####-############ failed with exit value 1 Out Stream: LocalProcess INFO: 2026-02-17 09:38:08 - Starting download of updates ... LocalProcess INFO: 2026-02-17 09:38:09 - 2026-02-17T09:38:09.208Z error vmware-downloadService[2362258] [Originator@6876 sub=httpDownload] [httpDownloadPosix 782] curl_easy_perform() failed: cURL Error: SSL peer certificate or SSH remote key was not OK, SSL certificate problem: self-signed certificate in certificate chain - Applying KB How to import Proxy server certificate to SDDC manager trust store. does not resolve the issue
Environment
SDDC manager 9.x
VCF Operations 9.x
Resolution
| Note: Before proceeding, ensure to take a backup/ snapshot of the SDDC Manager appliance. |
- Log in to SDDC manager using SSH or console with user vcf
- Elevate to root user : su -
- Trust the dl.broadcom.com root certificate with the following command. If the certificate is not present the command will prompt "Trust this certificate?". If the cert is already present it will return, " Certificate not imported, alias <depot_cert> already exists"
echo off | openssl s_client -connect dl.broadcom.com:443 2>&1 | openssl x509 -outform PEM 1> /tmp/depot.crt && keytool -importcert -alias depot_cert -file /tmp/depot.crt -keystore /etc/alternatives/jre/lib/security/cacerts --storepass changeitNote if you are using a proxy please run the following command instead of the above:
echo off | openssl s_client -proxy <proxy-fqdn>:<proxy port> -connect dl.broadcom.com:443 2>&1 | openssl x509 -outform PEM 1> /tmp/depot.crt && keytool -importcert -alias depot_cert -file /tmp/depot.crt -keystore /etc/alternatives/jre/lib/security/cacerts --storepass changeit - Navigate to Fleet Management → Lifecycle → VCF Management → Depot Configuration → On the Online Depot tile click Configure
- The Configure Online Depot form appears.
- Click the plus sign to add a password.
- Enter the following information, then click Add.
- Password Alias: Enter a name to identify the download token.
- Password: Enter the download token.
- Confirm Password: Enter the download token again.
- Password Description is optional.
- User Name is optional.
- Click Select Download Token.
Scroll to find the Password Alias that you added and select it. - Click to accept the imported certificate and click OK.
- Online Depot tile is showing '
Depot connection is active'
Additional Information
Feedback
Yes
No
Powered by
