Error: "signed fields invalid" when deploying new standby cell

Article ID: 439844


Products

VMware Cloud Director

Issue/Introduction

  • When deploying a new standby cell in VMware Cloud Director (VCD), configuration of the standby cell fails with the error below:

    configure-vcd script failed to complete
  • In /opt/vmware/var/log/vcd/vcloud-container-info.log you will see the following error messages:

    DATE TIME | INFO     | main                      | ConfigAgent                    | HTTP SSL certificate entered: /opt/vmware/vcloud-director/data/transfer/user.http.pem |
    DATE TIME | INFO     | main                      | ConfigAgent                    | HTTP SSL private key entered: /opt/vmware/vcloud-director/data/transfer/user.http.key |
    DATE TIME | ERROR    | main                      | ConfigAgent                    | Cryptographic error: signed fields invalid |
    DATE TIME | ERROR    | main                      | ConfigAgent                    | Aborting configure due to OTHER (106) |
    com.vmware.vcloud.configure.legacy.ConfigAgentException: Aborting configure due to OTHER (106)
    Caused by: java.security.cert.CertificateParsingException: signed fields invalid
            at java.base/sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1826)
            at java.base/sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:181)
            at java.base/sun.security.x509.X509CertImpl.newX509CertImpl(X509CertImpl.java:304)
            at java.base/sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:471)
            at java.base/sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:356)
            at java.base/java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:480)
            at com.vmware.vcloud.common.crypto.X509Util.createCertificates(X509Util.java:522)
            at com.vmware.vcloud.common.crypto.X509Util.createCertificates(X509Util.java:514)
            at com.vmware.vcloud.common.cmt.CertificateInputUtils.promptAndLoadUserCertificates(CertificateInputUtils.java:147)
            at com.vmware.vcloud.common.cmt.CertificateInputUtils.configureServerCertificates(CertificateInputUtils.java:99)
            at com.vmware.vcloud.configure.legacy.ConfigAgent.configureCertificates(ConfigAgent.java:899)
            at com.vmware.vcloud.configure.legacy.ConfigAgent.configureCell(ConfigAgent.java:637)
            at com.vmware.vcloud.configure.legacy.ConfigAgent.start(ConfigAgent.java:423)
            at com.vmware.vcloud.configure.legacy.ConfigAgentExecutor.start(ConfigAgentExecutor.java:83)
            at com.vmware.vcloud.configure.legacy.ConfigAgentExecutor.main(ConfigAgentExecutor.java:78)

Environment

VMware Cloud Director 10.6.x

Cause

This issue occurs when a wildcard certificate is in use and the certificate in the /opt/vmware/vcloud-director/data/transfer/ directory is incorrect and does not match the certificate used by the primary cell.

Resolution

  1. Check whether the file /opt/vmware/vcloud-director/etc/user.http.key matches the file /opt/vmware/vcloud-director/data/transfer/user.http.key.

  2. Check whether the certificate in /opt/vmware/vcloud-director/etc/user.http.pem matches the one in the certificate library on the provider portal that is consumed by the primary cell.

  3. If user.http.key is the same in both directories, and the certificate in /opt/vmware/vcloud-director/etc/user.http.pem differs from the one in /opt/vmware/vcloud-director/data/transfer/user.http.pem but matches the certificate in the certificate library on the provider portal that is consumed by the primary cell, proceed with step 4.

  4. Replace user.http.pem in /opt/vmware/vcloud-director/data/transfer by copying the current HTTP certificate from /opt/vmware/vcloud-director/etc/ to the transfer directory:


    cp /opt/vmware/vcloud-director/etc/user.http.pem /opt/vmware/vcloud-director/data/transfer/user.http.pem

  5. Change the file ownership and permissions as below:

    chown vcloud.vcloud user.http.pem
    chmod 0750 user.http.pem

  6. Try reconfiguring the newly deployed standby cell.
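
The comparisons in steps 1 and 3 can be scripted. The following is an added example, not part of the original article or VMware tooling; the function names `cert_fp`, `check_transfer_cert`, `fake_pem` and `demo` are hypothetical, and it assumes the leaf certificate is the first PEM block in each user.http.pem.

```shell
#!/bin/sh
# Added example, not VMware tooling. Assumes the leaf certificate is the first
# PEM block in user.http.pem and that base64, sha256sum and cmp are installed.
# SHA-256 over the decoded (DER) bytes of the first certificate in a PEM file,
# so line wrapping or CRLF endings do not show up as a difference.
cert_fp() {
    body=$(awk '/-----BEGIN CERTIFICATE-----/ {on=1; next}
                /-----END CERTIFICATE-----/   {exit}
                on' "$1" | tr -d ' \t\r\n')
    [ -n "$body" ] || return 1
    printf '%s\n' "$body" | base64 -d >/dev/null 2>&1 || return 1
    printf '%s\n' "$body" | base64 -d | sha256sum | cut -d' ' -f1
}

# Status: 0 in sync; 1 private keys differ; 2 only the certificates differ
# (the step 3 condition, so step 4 applies); 3 a file is missing or not PEM.
check_transfer_cert() {
    etc=$1; xfer=$2
    for f in "$etc/user.http.key" "$etc/user.http.pem" \
             "$xfer/user.http.key" "$xfer/user.http.pem"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 3; }
    done
    # Step 1: byte comparison; no key material or key digest is printed.
    cmp -s "$etc/user.http.key" "$xfer/user.http.key" ||
        { echo "user.http.key differs between etc and transfer"; return 1; }
    fp_etc=$(cert_fp "$etc/user.http.pem") || { echo "etc cert is not PEM" >&2; return 3; }
    fp_xfer=$(cert_fp "$xfer/user.http.pem") || { echo "transfer cert is not PEM" >&2; return 3; }
    # Printed so the etc value can be checked by hand for step 2.
    echo "etc      user.http.pem sha256: $fp_etc"
    echo "transfer user.http.pem sha256: $fp_xfer"
    [ "$fp_etc" = "$fp_xfer" ] || { echo "certificates differ"; return 2; }
    echo "key and certificate match"
}

# Constructed placeholder files (not real keys or certificates) for a dry run.
fake_pem() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$(printf '%s' "$1" | base64)" \
                  '-----END CERTIFICATE-----'
}
demo() {
    d=$(mktemp -d) && mkdir "$d/etc" "$d/xfer" || return 3
    echo constructed-key > "$d/etc/user.http.key"
    cp "$d/etc/user.http.key" "$d/xfer/user.http.key"
    fake_pem current-wildcard-cert > "$d/etc/user.http.pem"
    fake_pem stale-cert > "$d/xfer/user.http.pem"
    rc=0; check_transfer_cert "$d/etc" "$d/xfer" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "demo exit status: $?"
```

On a cell, call `check_transfer_cert /opt/vmware/vcloud-director/etc /opt/vmware/vcloud-director/data/transfer`; exit status 2 is the case where step 4 applies.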