VMware vSphere

  • 1.  Can not replace ssl on Vcenter

    Posted May 30, 2023 06:15 AM

    Hi everyone

    I have vCenter 7.0.3.00700 and want to replace the SSL certificate. I generated a CSR from vCenter. After I got a new certificate, from the "Replace vCenter Server certificate" section I chose "Replace with external CA certificate where CSR is generated from vCenter Server (private key embedded)", and after importing the SSL certificate and chain of trust, I faced an error. I attached the picture; please help me.

    Thanks

     



  • 2.  RE: Can not replace ssl on Vcenter

    Posted May 30, 2023 08:53 AM

    Please check whether the PNID value is mismatched. It could be one of the reasons for the cert failure.

    To check the current value:

    /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost

    To update the value:

    /usr/lib/vmware-vmafd/bin/vmafd-cli set-pnid --server-name localhost --pnid <pnid>



  • 3.  RE: Can not replace ssl on Vcenter

    Posted May 30, 2023 09:17 AM

     

    Hi again,

    They are the same and there is no mismatch.



  • 4.  RE: Can not replace ssl on Vcenter

    Posted May 30, 2023 12:15 PM

    I ran your command and after that, the error changed.

    The new error is "Error occurred while fetching tls: the trustAnchors parameter must be non-empty"

     



  • 5.  RE: Can not replace ssl on Vcenter



  • 6.  RE: Can not replace ssl on Vcenter

    Posted May 31, 2023 06:52 AM

    Hi  

    Does it apply to me, who uses an external certification authority?



  • 7.  RE: Can not replace ssl on Vcenter

    Posted Jun 02, 2023 11:04 AM

    I'm using an external CA.

    But I'm doing that with:

    /usr/lib/vmware-vmca/bin/certificate-manager

    More transparent than the GUI

    1 -> Enter (Replace Machine SSL certificate with Custom Certificate)

    Username -> Enter

    Password -> Enter

    1 -> Enter (Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate)

    cheers



  • 8.  RE: Can not replace ssl on Vcenter

    Posted Jun 03, 2023 08:15 AM

    Yes, it will apply to anyone who is using an external CA. You can also check whether the CSR was not generated through vCenter. Some public CAs also generate a private key along with the certificate and the chain.



  • 9.  RE: Can not replace ssl on Vcenter

    Posted May 31, 2023 06:34 AM

    Hello,

    This error can occur due to the algorithm used to sign the CSR using SHA1, which is not supported.

    More Details : https://kb.vmware.com/s/article/2112277?lang=en_us

     

    Regards

    Harry
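
Added example, not part of any post in this thread: a shell pre-flight using openssl that checks the points raised above before importing (PNID present in the certificate, certificate issued for the CSR generated on vCenter, SHA1 signature on the CSR or certificate, non-empty chain that verifies). It assumes the PNID is expected as a DNS entry in the certificate's SAN; the function names, the script name and the file arguments are illustrative.

```shell
#!/bin/bash
# Added example: pre-import checks for a vCenter Machine SSL certificate.
# All file paths are supplied by the caller; this is not VMware tooling.

sig_alg() {        # $1 = x509 | req, $2 = PEM file -> signature algorithm name
    openssl "$1" -in "$2" -noout -text |
        awk -F': ' '/Signature Algorithm/ {print $2; exit}'
}

is_sha1_sig() {    # true for names such as sha1WithRSAEncryption, ecdsa-with-SHA1
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        sha1*|*sha1) return 0 ;;
        *) return 1 ;;
    esac
}

same_key() {       # $1 = certificate, $2 = CSR: same public key in both?
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$csr_pub" ]
}

san_has_dns() {    # $1 = certificate, $2 = host name expected as a DNS SAN entry
    openssl x509 -in "$1" -noout -text | tr ',' '\n' | sed 's/^ *//' |
        grep -qixF "DNS:$2"
}

chain_ok() {       # $1 = certificate, $2 = CA chain file (must not be empty)
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$2")" -gt 0 ] &&
        openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

preflight() {      # $1 = certificate, $2 = CSR, $3 = chain file, $4 = PNID
    rc=0
    is_sha1_sig "$(sig_alg x509 "$1")" && { echo "FAIL: certificate is SHA1 signed"; rc=1; }
    is_sha1_sig "$(sig_alg req "$2")"  && { echo "FAIL: CSR is SHA1 signed"; rc=1; }
    same_key "$1" "$2"    || { echo "FAIL: certificate key differs from CSR key"; rc=1; }
    san_has_dns "$1" "$4" || { echo "FAIL: PNID $4 is not a DNS SAN entry"; rc=1; }
    chain_ok "$1" "$3"    || { echo "FAIL: chain file is empty or does not verify"; rc=1; }
    return "$rc"
}

# Usage (hypothetical script name): sh preflight.sh cert.pem csr.pem chain.pem <pnid>
# The PNID is the value printed by the vmafd-cli get-pnid command in post 2.
if [ "$#" -eq 4 ]; then preflight "$@"; fi
```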