Error: "Unable to reach VCF Operations node ####. This could indicate a network connectivity issue or a certificate that does not include this address in its SAN field."

Article ID: 440296

Updated On:

Products

VMware SDDC Manager / VCF Installer VCF Operations

Issue/Introduction

SDDC Manager component installation fails due to a certificate Subject Alternative Name (SAN) validation error. This failure occurs when the validation process identifies that a node within the cluster lacks a certificate that explicitly includes its Fully Qualified Domain Name (FQDN) or IP address in the certificate SAN field.


Environment

  • VCF 9.1
  • VCF Operations 9.1
  • SDDC Manager 9.1

Cause

This issue can occur when:

  • A VCF Operations node FQDN or IP address is omitted from the SAN field of the active VCF Operations SSL certificate.
  • The active VCF Operations SSL certificate contains an incorrect IP address entry.

Resolution

To resolve this issue, update the certificate to include the missing information:

  1. Run the following command to verify that all VCF Operations node FQDNs and IP addresses are present and correct (replace <VCF_OPS_PRIMARY> with the primary node's address):

    openssl s_client -connect <VCF_OPS_PRIMARY>:443 </dev/null 2>/dev/null | openssl x509 -noout -text | grep DNS:

  2. Regenerate the VCF Operations certificate, explicitly including the missing node FQDN or IP address in the Subject Alternative Name (SAN) field during CSR generation.
  3. Apply the newly generated certificate to the VCF Operations cluster.
  4. Re-run the component installation validation in SDDC Manager.
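
The check in step 1 can be repeated after step 3 against a list of expected nodes instead of reading the SAN line by eye. The following is an added example, not part of the original article or a VMware tool: it parses `openssl x509 -noout -text` output and prints every expected FQDN or IPv4 address that has no exact SAN entry. The function names, hostnames and addresses are constructed placeholders, and wildcard entries are deliberately not treated as a match because the validation expects explicit entries.

```shell
#!/bin/sh
# Added example: list expected node FQDNs/IPv4 addresses that are missing
# from a certificate's SAN field. Input is `openssl x509 -noout -text`
# output on stdin. All names and addresses here are constructed placeholders.

# Print one SAN entry per line, normalised to "DNS:<name>" or "IP:<addr>".
san_entries() {
    # The SAN values are on the line that follows the extension header.
    sed -n '/X509v3 Subject Alternative Name/{n;p;}' \
        | tr ',' '\n' \
        | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
              -e 's/^IP Address:/IP:/'
}

# Usage: missing_sans <fqdn-or-ipv4>... < cert_text
# Prints each expected value with no exact SAN entry; returns 1 if any.
missing_sans() {
    sans=$(san_entries)
    rc=0
    for want in "$@"; do
        case $want in
            *[!0-9.]*) key="DNS:$want" ;;  # has a non-digit, non-dot char: FQDN
            *)         key="IP:$want" ;;   # digits and dots only: IPv4
        esac
        # -x whole entry (192.0.2.1 must not match 192.0.2.10),
        # -F literal string, -i because DNS names are case-insensitive.
        if ! printf '%s\n' "$sans" | grep -qixF -- "$key"; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample of the relevant part of the openssl text output.
SAMPLE_CERT_TEXT='            X509v3 Subject Alternative Name:
                DNS:ops-primary.example.internal, DNS:ops-replica.example.internal, IP Address:192.0.2.10'

# Live use (substitute the primary node and the real node list):
#   openssl s_client -connect <VCF_OPS_PRIMARY>:443 </dev/null 2>/dev/null \
#     | openssl x509 -noout -text \
#     | missing_sans ops-primary.example.internal 192.0.2.10
```

An empty result with exit status 0 means every listed node has an explicit SAN entry; any printed value is a name or address to add when regenerating the CSR in step 2.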

Additional Information

Configure a Certificate For Use With VCF Operations