VMware vSphere


 VCSA 6.7 - Updating Machine Certificate failing

SunnyGhat posted May 28, 2025 09:56 AM

Hello, 

Hoping someone can help me out. I am attempting to update the intermediate and host SSL certificate on a VCSA server that is expiring soon. I have performed the following steps:

1) Launched vSphere 6.7 Certificate Manager from CLI

2) Generated a new CSR

3) Generated new SSL certificate using the CSR

4) Uploaded certificate to server (file is formatted as: <host cert><intermediate cert><root cert>)

5) Uploaded signing cert file (file is formatted as: <intermediate cert><root cert>)

6) Used the Certificate Manager to import a custom cert and key to replace the existing Machine SSL (option 1,2)

7) Provided location and filename of the custom certificate

8) Provided location and filename of the key (generated when creating the CSR)

The import process starts and reports "Don't update service <service id>",

then performs a rollback.

In the certificate-manager.log the following is logged:


I have searched the internet for possible causes for the rollback, but any suggestions I have found seem not to work.

Any help would be much appreciated.
Alexandru Capras

Hello,

I recommend starting the troubleshooting process from the point where you generated the CSR. Ensure that the SSL certificate you're using is a full chain: it should include the machine certificate, the intermediate, and the root certificates.

Check the following KB article:

https://knowledge.broadcom.com/external/article?legacyId=2112277
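
Added example, not part of the thread or of VMware's tooling: a standard-library Python check that a PEM bundle follows the <host cert><intermediate cert><root cert> layout from step 4 and the full chain recommended in the reply above. It assumes that byte-for-byte matching of issuer and subject names is sufficient and does not verify signatures; the sample certificates are constructed, unsigned skeletons with made-up names.

```python
import base64, re

def tlv(buf, pos):  # -> (tag, value_start, value_end) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Raw DER issuer and subject Names of one X.509 certificate."""
    _, p, _ = tlv(der, 0)        # Certificate SEQUENCE
    _, p, end = tlv(der, p)      # tbsCertificate SEQUENCE
    fields = []
    while p < end:
        tag, _, nxt = tlv(der, p)
        fields.append((tag, der[p:nxt]))
        p = nxt
    if fields[0][0] == 0xA0:     # optional explicit [0] version
        fields.pop(0)
    return fields[2][1], fields[4][1]  # serial, sigAlg, issuer, validity, subject

def chain_problems(pem_text):
    """Ordering problems in a leaf -> intermediate(s) -> root PEM bundle."""
    names = [issuer_subject(base64.b64decode(b)) for b in re.findall(
        r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)]
    problems = ["cert %d is not issued by cert %d" % (i + 1, i + 2)
                for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]
    if not names or names[-1][0] != names[-1][1]:
        problems.append("bundle does not end in a self-issued root")
    return problems

# Constructed sample data: unsigned DER skeletons holding only the Name fields.
def _der(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length, bodies < 128 bytes
def _pem(subject, issuer):
    name = lambda cn: _der(0x30, _der(0x31, _der(0x30,
        _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + _der(0x30, b"") + name(issuer) + _der(0x30, b"") + name(subject))
    der = _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()

LEAF = _pem("vcsa.example.test", "Example Issuing CA")
INTER = _pem("Example Issuing CA", "Example Root CA")
ROOT = _pem("Example Root CA", "Example Root CA")

if __name__ == "__main__":
    print(chain_problems(LEAF + INTER + ROOT))  # layout from step 4
    print(chain_problems(LEAF + ROOT + INTER))  # intermediate and root swapped
```

To check a real file, pass its contents to chain_problems(); the same function accepts the <intermediate cert><root cert> signing file from step 5.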

1101

You using DigiCert for your cert authority by chance?