My pleasure. We've got to stick together with this stuff!
Original Message:
Sent: Jan 23, 2025 12:34 PM
From: John Lalande
Subject: Replacing Machine SSL Certificate
Thanks for this, Marc. This helped me fix this issue on our vCenter install. I used the certificate provided in the Sectigo article you linked to and replaced the first of three certificates in the Sectigo intermediate certificate they provide with new SSL certs ("Issuing CA certificates only: as Root/Intermediate(s) only, PEM encoded"), and was finally able to get a working SSL certificate in vCenter.
Original Message:
Sent: Jan 13, 2025 09:33 AM
From: Marc Rosenthal
Subject: Replacing Machine SSL Certificate
For us Sectigo users, I found the solution on their site: https://www.sectigo.com/faqs/detail/VMware-Center-Certificate-does-not-accept-the-SHA-1-root-certificate/kA0Uj0000002rBV
It has to do with replacing the root cert section, which was reporting as SHA1. Once I used the solution in the link, the cert worked.
Original Message:
Sent: Jan 09, 2025 05:17 PM
From: Marc Rosenthal
Subject: Replacing Machine SSL Certificate
Hello. How did you get around this issue? I have the same problem using InCommon (Sectigo).
Original Message:
Sent: Dec 06, 2024 02:02 PM
From: John Davidson
Subject: Replacing Machine SSL Certificate
Oh I see what you did, you're right.... Bummer! I'm seeing the same thing on mine as well.
Original Message:
Sent: Nov 19, 2024 05:57 AM
From: Jonas karlsson
Subject: Replacing Machine SSL Certificate

Original Message:
Sent: Nov 12, 2024 05:07 PM
From: John Davidson
Subject: Replacing Machine SSL Certificate
Hi there! We have an SSL cert issued by GoDaddy that I'm certain is SHA256:

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported.
"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?