VMware vSphere

View Only

VCSA 6.7 - Updating Machine Certiifcate failing

SunnyGhat posted May 28, 2025 09:56 AM

Hello,

Hoping someone can help me out, I am attempting to update the Intermediate and host SSL certificate on a VSCA server that is expiring soon, I have performed the folliwng steps:

1) Launched vSphere 6.7 Certificate Manager from CLI

2) Generated a new CSR

3) Generated new SSL Certicate using the CSR

4) Uploaded certificaete to server (file is formatted as: <host cert><intermediate cert><root cert>)

5) Uploaded signing cert file (file is formatted as: <intermediate cert><root cert>)

6) used the Certificate Manager to Import a custom cert and key to replace the existing Machine SSL (option 1,2)
7) Provide location and filename of the cutom certficate
8) Provide location and filename of the key (generated when creating the CSR)

The import process starts and reports "Don't update service <service id>

then performs a rollback

in the certificate-manager.log the following is logged:

I have searched the internet for possible causes for the roll back, but any suggestions i have found seems to not work.

any help would be much appricated.

Alexandru Capras posted May 29, 2025 03:12 AM

Hello,

I recommend starting the troubleshooting process from the point where you generated the CSR. Ensure that the SSL certificate you're using is a full chain, it should include the machine certificate, the intermediate, and the root certificates.

Check the following KB article:

https://knowledge.broadcom.com/external/article?legacyId=2112277

1101 posted May 29, 2025 09:18 AM

you using digicert for your cert authority by chance?