Attempting to replace the SSL certificate for VCF Operations for Logs via Fleet Manager fails with error code LCMVRLISYSTEM45040
search cancel

Attempting to replace the SSL certificate for VCF Operations for Logs via Fleet Manager fails with error code LCMVRLISYSTEM45040

book

Article ID: 435407

calendar_today

Updated On:

Products

VCF Operations

Issue/Introduction

  • Replacing the SSL certificate for VCF Operations for Logs via Fleet Manager fails with Error Code LCMVRLISYSTEM45040
  • The VCF Operations UI shows the following error for the SSL certificate replacement task

Certificate replacement for appliance VCF_Ops_Logs_FQDN has failed. Failed to perform specified operation. Applying certificate failed. Check VCF Operations Fleet Management logs at /var/log/vrlcm/vmware_vrlcm.log for additional information.

  • The /var/log/vrlcm/vmware_vrlcm.log on the Fleet Manager shows the following error:

2026-03-31T14:32:37.724Z INFO vrlcm[1318] [pool-3-thread-91] [c.v.v.l.d.v.InstallConfigureVRLI]  -- The Operations-logs instance https://xx.xx.xx.xx service is running
2026-03-31T14:32:37.741Z INFO vrlcm[1318] [pool-3-thread-91] [c.v.v.l.u.CustomTrustManager]  -- Certificate chain trusted
2026-03-31T14:32:38.406Z INFO vrlcm[1318] [pool-3-thread-91] [c.v.v.l.d.v.InstallConfigureVRLI]  -- certificate api response: statuscode = 400
2026-03-31T14:32:38.406Z INFO vrlcm[1318] [pool-3-thread-91] [c.v.v.l.d.v.InstallConfigureVRLI]  -- certificate api response: message = Bad Request
2026-03-31T14:32:38.406Z ERROR vrlcm[1318] [pool-3-thread-91] [c.v.v.l.p.v.VrliImportCertificateTask]  -- Applying certificate failed. Non Success status code:400 returned from Operations-logs
2026-03-31T14:32:38.406Z INFO vrlcm[1318] [pool-3-thread-91] [c.v.v.l.p.a.s.Task]  -- Injecting task failure event. Error Code : 'LCMVRLISYSTEM45040', Retry : 'true', Causing Properties : '{ CAUSE :: skipTask ===  }'
com.vmware.vrealize.lcm.common.exception.LcmException: Applying certificate failed. Non Success status code:400 returned from Operations-logs

2026-03-31T14:32:38.557Z INFO vrlcm[1318] [scheduling-1] [c.v.v.l.r.c.RequestProcessor]  -- Updating the Environment request status to FAILED for request ID : fc86bcdc-e720-43b5-b53f-cb1e438c1c11 with request type : REPLACE_PRODUCT_CERTIFICATE.

  • The /var/log/vmware/loginsight/runtime.log on the VCF Operations for Logs node shows the following error

[2026-03-31 18:40:44.739+0000] ["https-openssl-apr-443-exec-8"/xx.xx.xx.xx INFO] [com.vmware.loginsight.web.actions.misc.LoggerActionBean] [Submit form response {"errMsg":"Failed to update certificate: [\"Unable to use the private key with certificate \\\"/C=XX/ST=XX/O=XXX/CN=VCF_Ops_Logs_FQDN\\\" \",\"Certificate was signed using a deprecated signature algorithm based on SHA-1: sha1WithRSAEncryption\"]","succ":false}]

Environment

VCF Operations 9.x

VCF Operations for Logs 9.x

Cause

One of the signing chain certificate(s) (intermediate/root) for the VCF Operations for Logs certificate contains SHA1 signature algorithm. VCF Operations for Logs does not support SHA1 security algorithm

Resolution

Generate or obtain a new SSL certificate for VCF Operations for Logs that uses SHA256 Signature Algorithm (including Intermediate Certificate(s) and all Root Certificate in chain) and proceed with the certificate replacement

Powered by Wolken Software