When connecting your VCF 9 Operations Manager to the online depot, you see a message like the following.
VCF 9
This issue occurs when the appliance cannot establish a secure, authenticated connection to the Broadcom Online Depot. The failure is typically attributed to one of the following factors:
Time Sync: NTP offset is causing SSL/TLS handshake expiration.
Network/Firewall: Egress traffic to dl.broadcom.com:443 is blocked.
Proxy/Trust: Intercepting proxies are using internal Certificate Authorities (CAs) not present in the appliance trust store.
Authentication: The Broadcom Support Portal download token is invalid or expired.
Step 1: Synchronize NTP
Ensure the system clock is synchronized with an authoritative NTP server, as a time discrepancy can cause SSL handshake failures.
SSH into the Operations Manager appliance using the vcf user.
Run ntpq -p to verify synchronization with configured time servers.
Step 2: Check Firewall Rules
Confirm that the network firewall allows HTTPS egress traffic to https://dl.broadcom.com over port 443.
Step 3: Validate Proxy/Certificate Trust
If you use an intercepting proxy, verify whether it issues certificates from an internal CA. If so, add the internal CA certificate chain to the Operations Manager trust store.
Step 4: Update Depot Settings
Generate a new download token from the Broadcom Support Portal.
Navigate to the Depot Settings in Operations Manager and input the new authentication token to authorize the appliance.
Step 5: Test Connectivity
To confirm line-of-sight and certificate validity, run the following command from the Operations Manager CLI to identify specific connection or certificate errors:
curl -v --head https://dl.broadcom.com:443
A successful connection should negotiate the TLS handshake and return an HTTP status code without dropping.
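One way to read the Step 5 result against the causes listed at the top, as an added example that is not Broadcom's code: the function names and labels are hypothetical, the exit codes are curl's documented ones, and the certificate messages matched are the OpenSSL verification errors curl prints.

```shell
#!/bin/sh
# Added example (not vendor code): map the Step 5 curl result to the
# causes this article lists. Function and label names are hypothetical.

# classify_depot_check EXIT_CODE STDERR_TEXT -> prints one label
classify_depot_check() {
    rc=$1
    err=$2
    case "$rc" in
        0)    echo "tls-ok" ;;                  # handshake done, HTTP status returned
        5|6)  echo "dns-or-proxy-resolution" ;; # 5: proxy name, 6: host name unresolved
        7|28) echo "network-firewall" ;;        # 7: connect failed, 28: timed out (Step 2)
        35)   echo "tls-handshake-interrupted" ;; # handshake cut off, often a middlebox
        60)   # certificate verification failed: the message says why
            case "$err" in
                # validity-window failures: check the clock first (Step 1)
                *"not yet valid"*|*"has expired"*)
                    echo "time-sync" ;;
                # issuer not in the trust store, typical of an intercepting proxy (Step 3)
                *"local issuer"*|*"self-signed"*|*"self signed"*)
                    echo "proxy-trust" ;;
                *)  echo "certificate-other" ;;
            esac ;;
        *)    echo "unclassified" ;;
    esac
}

# check_depot [URL] -> runs the Step 5 test once and prints the label.
# -sS hides the progress meter but keeps the error message on stderr.
check_depot() {
    url=${1:-https://dl.broadcom.com:443}
    rc=0
    err=$(curl -sS --head --max-time 15 -o /dev/null "$url" 2>&1) || rc=$?
    classify_depot_check "$rc" "$err"
}

# Usage on the appliance:  . ./depot_check.sh && check_depot
```

A tls-ok result means time, network path and trust all passed, which leaves the download token from Step 4 as the remaining item on the list.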