• Certificate Replacement with Custom Certificates fails on vCenter Server 6.x with lstool get-site-id failed error message

  certificate-manager 'lstool get-site-id' failed: 1"

• Certificate Manager log shows similar to below messages in the location /var/log/vmware/vmcad/certificate-manager.log

  ERROR certificate-manager Error while replacing Machine SSL Cert, please see /var/log/vmware/vmcad/certificate-manager.log for more information.
  ERROR certificate-manager 'lstool get-site-id' failed: 1
  INFO certificate-manager Performing rollback of Machine SSL Cert

• VMware vCenter Server 6.0.x
• VMware vCenter Server 6.5.x
• VMware vCenter Server 7.0.x

This issue can happen while trying to replace Machine SSL of vCenter Server using Custom Certificate with an unsupported Signature Algorithm RSASSA-PSS

• Regenerate the Certificate with a Supported Signature Algorithm (Eg. SHA256) and proceed with certificate replacement to fix the issue.
• Refer to Article Replace vCenter Machine SSL certificate Custom Certificate Authority Signed Certificate to replace the Machine SSL Certificate.

Refer to Doc Platform Services Controller Administration for more information on unsupported signature algorithms