VMware vSphere

Hi there!  We have an SSL cert issued by GoDaddy that I'm certain is SHA256: 

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported. 

"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?

Hello John,

Could you please validate the Signature algorithm of the other certs in the chain? (Intermediate / root cert)

Regards,

Navin A

Hi there!  We have an SSL cert issued by GoDaddy that I'm certain is SHA256: 

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported. 

"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?

All certificates in the chain use the "sha256RSA" algorithm and sha256 hash as shown in the screenshot.

Hello John,

Could you please validate the Signature algorithm of the other certs in the chain? (Intermediate / root cert)

Regards,

Navin A

Hi there!  We have an SSL cert issued by GoDaddy that I'm certain is SHA256: 

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported. 

"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?

The provided screenshot is from the Machine cert. 
The error would be seen if any cert in the chain has a SHA1. Could you please check the signature algorithm of the intermediate and root cert

All certificates in the chain use the "sha256RSA" algorithm and sha256 hash as shown in the screenshot.

Hello John,

Could you please validate the Signature algorithm of the other certs in the chain? (Intermediate / root cert)

Regards,

Navin A

Hi there!  We have an SSL cert issued by GoDaddy that I'm certain is SHA256: 

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported. 

"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?

I did, this is what I meant by "all certificates in the chain," but I can provide screenshots of the others if that would help confirm.

The provided screenshot is from the Machine cert. 
The error would be seen if any cert in the chain has a SHA1. Could you please check the signature algorithm of the intermediate and root cert

All certificates in the chain use the "sha256RSA" algorithm and sha256 hash as shown in the screenshot.

Hello John,

Could you please validate the Signature algorithm of the other certs in the chain? (Intermediate / root cert)

Regards,

Navin A

Hi there!  We have an SSL cert issued by GoDaddy that I'm certain is SHA256: 

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported. 

"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?

Hi there!  We have an SSL cert issued by GoDaddy that I'm certain is SHA256: 

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported. 

"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?

Hi there!  We have an SSL cert issued by GoDaddy that I'm certain is SHA256: 

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported. 

"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?

Hi there!  We have an SSL cert issued by GoDaddy that I'm certain is SHA256: 

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported. 

"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?

Hi there!  We have an SSL cert issued by GoDaddy that I'm certain is SHA256: 

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported. 

"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?

Original Message:
Sent: Nov 12, 2024 05:07 PM
From: John Davidson
Subject: Replacing Machine SSL Certificate

Hi there!  We have an SSL cert issued by GoDaddy that I'm certain is SHA256: 

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported. 

"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?

Oh I see what you did, you're right.... Bummer!  I'm seeing the same thing on mine as well.

Original Message:
Sent: Nov 19, 2024 05:57 AM
From: Jonas karlsson
Subject: Replacing Machine SSL Certificate

Original Message:
Sent: Nov 12, 2024 05:07 PM
From: John Davidson
Subject: Replacing Machine SSL Certificate

Hi there!  We have an SSL cert issued by GoDaddy that I'm certain is SHA256: 

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported. 

"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?

Hello. How did you get around this issue? I have the same problem using InCommon (Sectigo).

Oh I see what you did, you're right.... Bummer!  I'm seeing the same thing on mine as well.

Original Message:
Sent: Nov 19, 2024 05:57 AM
From: Jonas karlsson
Subject: Replacing Machine SSL Certificate

Original Message:
Sent: Nov 12, 2024 05:07 PM
From: John Davidson
Subject: Replacing Machine SSL Certificate

Hi there!  We have an SSL cert issued by GoDaddy that I'm certain is SHA256: 

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported. 

"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?

For us Sectigo users, I found the solution on their site: https://www.sectigo.com/faqs/detail/VMware-Center-Certificate-does-not-accept-the-SHA-1-root-certificate/kA0Uj0000002rBV

It has to do with replacing the root cert section, which was reporting as SHA1. Once I used the solution in the link, the cert worked.

Hello. How did you get around this issue? I have the same problem using InCommon (Sectigo).

Oh I see what you did, you're right.... Bummer!  I'm seeing the same thing on mine as well.

Original Message:
Sent: Nov 19, 2024 05:57 AM
From: Jonas karlsson
Subject: Replacing Machine SSL Certificate

Original Message:
Sent: Nov 12, 2024 05:07 PM
From: John Davidson
Subject: Replacing Machine SSL Certificate

Hi there!  We have an SSL cert issued by GoDaddy that I'm certain is SHA256: 

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported. 

"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?

Thanks for this, Marc. This helped me fix this issue on our vCenter install. I used the certificate provided in the Sectigo article you linked to and replaced the first of three certificates in the Sectigo intermediate certificate they provide with new SSL certs ("Issuing CA certificates only: as Root/Intermediate(s) only, PEM encoded"), and was finally able to get a working SSL certificate in vCenter.

For us Sectigo users, I found the solution on their site: https://www.sectigo.com/faqs/detail/VMware-Center-Certificate-does-not-accept-the-SHA-1-root-certificate/kA0Uj0000002rBV

It has to do with replacing the root cert section, which was reporting as SHA1. Once I used the solution in the link, the cert worked.

Hello. How did you get around this issue? I have the same problem using InCommon (Sectigo).

Oh I see what you did, you're right.... Bummer!  I'm seeing the same thing on mine as well.

Original Message:
Sent: Nov 19, 2024 05:57 AM
From: Jonas karlsson
Subject: Replacing Machine SSL Certificate

Original Message:
Sent: Nov 12, 2024 05:07 PM
From: John Davidson
Subject: Replacing Machine SSL Certificate

Hi there!  We have an SSL cert issued by GoDaddy that I'm certain is SHA256: 

However, I get an error when applying this cert that it uses a weak signature algorithm and isn't supported. 

"[CERTIFICATE] Replace cert Failed: Exception found (Certificate uses a weak signature algorithm - SHA1WITHRSA. Only SHA-2 RSA algorithms are supported on the vCenter Server.)"

Has anyone else run into this issue or have any guidance for me?