Configuring Storage Array Pair fails with "x509: certificate is not valid for any names"

Products

VMware Live Recovery

Issue/Introduction

Symptoms:

The administrator is unable to configure a storage array pair within VMware Live Recovery (VLR) version 9.0.4.
The configuration fails when attempting to use either the Fully Qualified Domain Name (FQDN) (e.g., Storage_array.Domain.com) or the management IP address.
The following certificate validation error surfaces in the VLR management interface when pairing is attempted using the FQDN.

Error: SRA command 'discoverArrays' failed. Connection to storage system <Storage_array_FQDN> failed.
Error : x509: certificate is not valid for any names, but wanted to match <Storage_array_FQDN>.
Make sure you have entered correct storage system details, port & storage system type and system is up
and running. Please make sure valid certificate is available in the system.

Screenshot:

Environment

VMware Live recovery 9.x

Cause

The array manager configuration failure is caused by an SSL/TLS certificate name mismatch. The VLR appliance attempts to negotiate a secure connection utilizing the storage array's FQDN, but the presented certificate does not contain the FQDN in its identity fields.

The extracted logs below indicate the Discovery array commands failed with "x509: certificate is not valid for any names."

Path : /var/log/vmware/srm/vmware-dr.log

YYYY-MM-DDThh:mm:ss.msz error vmware-dr[12084] [SRM@6876 sub=Storage opID=a7afe2f0-ecbe-445f-99b7-994e97646266-createArrayManager:v3] SRA command failed: (dr.storage.fault.CommandFailed) {
--> faultCause = (dr.storage.fault.SimpleAdapterFault) {
--> faultCause = (vmodl.MethodFault) null,
--> faultMessage = <unset>,
--> description = "Connection to storage system Storage_array.Domain.com failed. Error : x509: certificate is not valid for any names, but wanted to match Storage_array.Domain.com.",
--> fixHint = "Make sure you have entered correct storage system details, port & storage system type and system is up and running. Please make sure valid certificate is available in the system."
--> msg = ""
--> },
--> faultMessage = <unset>,
--> commandName = "discoverArrays"
--> msg = ""

Path : /var/log/vmware/srm/SRAs/sha256*/SRA log.

[YYYY-MM-DDThh:mm:ss.ms UTC] [INFO] [GID:1] ( storagesystem.go ssapi.GetCertificateDetails 299 ) HPESRA: Connecting to local HPE Storage system using certificate Storage_array.Domain.com on port 443:
[YYYY-MM-DDThh:mm:ss.ms UTC] [ERROR] [GID:1] ( storagesystem.go ssapi.GetCertificateDetails 321 ) HPESRA: Error connecting to address Storage_array.Domain.com using port 443 : x509: certificate is not valid for any names, but wanted to match Storage_array.Domain.com
[YYYY-MM-DDThh:mm:ss.ms UTC] [ERROR] [GID:1] ( tparapi.go ssapi.(*Tpar).Login 56 ) HPESRA: Failed to retrieve certificate details for HPE Storage system Storage_array.Domain.com
[YYYY-MM-DDThh:mm:ss.ms UTC] [ERROR] [GID:1] ( storagesystem.go ssapi.Open 175 ) HPESRA: Login failed
[YYYY-MM-DDThh:mm:ss.ms UTC] [ERROR] [GID:1] ( connectarrays.go commands/discoverarrays/tpar.(*ConnectArrays).Handle 45 ) HPESRA: Failed to connect to storage system Storage_array.Domain.com
[YYYY-MM-DDThh:mm:ss.ms UTC] [INFO] [GID:1] ( discoverarrayhandler.go commands/discoverarrays.(*DAHandler).execute 63 ) HPESRA: Discover Array command failed

Resolution

To resolve this issue, the administrator must ensure a valid certificate is generated and applied to the target HPE Storage Array.

Engage the storage array vendor or utilize the storage array's administrative interface to generate a new, valid certificate (either self-signed or CA-signed).
Ensure that both the Fully Qualified Domain Name (e.g., Storage_array.Domain.com) and the management IP address are explicitly defined in the new certificate.
Once the updated certificate is active on the Storage Array, re-attempt the storage array pair configuration from the VLR management interface, specifically utilizing the FQDN.