• Using vCert Script to check current certificate status on the vCenter reports the below warning:
  
  "One or more certificates are missing the PNID <vCenter_FQDN> from the SAN entry".


• The vCenter's PNID is in upper case whereas the hostname is set to lowercase:
  
  
  • PNID: /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost
    FQDN.example.com
    
    
  • Hostname: hostname -f
    fqdn.example.com
    
    
• Checking the Subject Alternative Name field on the vCenter's Machine SSL certificate displays the hostname of the vCenter as fqdn.example.com

VMware vCenter Server 8.x

VMware vCenter 9.x

The vCert script flags missing PNID due to the vCenter hostname and PNID case mistmatch. This causes the hostname to overwrite the PNID in the Machine SSL certificate's SAN field, triggering the error.

For PNID and hostname mismatch on vCenter caused due to case difference, updating the PNID on vCenter using VAMI will fail with error 'Adding new CN entries failed'.

Follow the steps below to resolve the issue:

1. Take a snapshot of the vCenter Virtual Machine. If the vCenter is in enhanced linked mode, follow VMware vCenter in Enhanced Linked Mode pre-changes snapshot (online or offline) best practice.
2. Login to the vCenter Appliance Management Interface (https://<VCSA_FQDN>:5480) as root.
3. Navigate to Networking -> Network Settings -> Edit.
4. Update the hostname with a placeholder. Example: localhost
5. Reboot the vCenter Server. Do not skip this step as this is necessary to update the Likewise registry and restart the underlying services.
6. Re-login to vCenter Appliance Management Interface and set the hostname to lowercase: fqdn.example.com 
7. Reboot the vCenter.