2 Replies Latest reply on Sep 22, 2013 12:18 PM by racom

    Can't reconnect host to vCSA: Host name does not match the subject name(s) in certificate.

    racom Enthusiast

      I've found vSphere HA agent on one ESXi 5.1.0 host disabled. I'm trying to reconnect but with no success. Searching vpxd log on vCSA I suppose some certificate problem to be reason:


      2013-09-16T13:06:48.973+02:00 [7FFB63D80700 error 'Default'] SSLStreamImpl::DoClientHandshake (0

      0007ffb56997f10) SSL_connect failed. Dumping SSL error queue:

      2013-09-16T13:06:48.973+02:00 [7FFB63D80700 error 'Default'] [0] error:14090086:SSL routines:SSL

      3_GET_SERVER_CERTIFICATE:certificate verify failed

      2013-09-16T13:06:48.973+02:00 [7FFB63D80700 error 'HttpConnectionPool-000001'] [ConnectComplete]

      Connect failed to <cs p:00007ffb7b740070, TCP:mrak.racom.cz:443>; cnx: (null), error: N7Vmacore

      3Ssl18SSLVerifyExceptionE(SSL Exception: Verification parameters:

      --> PeerThumbprint: 08:EC:23:C0:78:C9:24:A3:F0:83:A8:CC:40:51:95:86:D9:43:7F:E4

      --> ExpectedThumbprint:

      --> ExpectedPeerName: mrak.racom.cz

      --> The remote host certificate has these problems:


      --> * Host name does not match the subject name(s) in certificate.


      --> * unable to get local issuer certificate)

      2013-09-16T13:06:48.978+02:00 [7FFB68AF8700 info 'commonvpxLro' opID=6c47530e] [VpxLRO] -- FINIS

      H task-internal-89757948 -- datacenter-2 -- vim.Datacenter.queryConnectionInfo --

      2013-09-16T13:06:48.978+02:00 [7FFB68AF8700 info 'Default' opID=6c47530e] [VpxLRO] -- ERROR task

      -internal-89757948 -- datacenter-2 -- vim.Datacenter.queryConnectionInfo: vim.fault.SSLVerifyFau


      --> Result:

      --> (vim.fault.SSLVerifyFault) {

      -->    dynamicType = <unset>,

      -->    faultCause = (vmodl.MethodFault) null,

      -->    selfSigned = false,

      -->    thumbprint = "08:EC:23:C0:78:C9:24:A3:F0:83:A8:CC:40:51:95:86:D9:43:7F:E4",

      -->    msg = "",

      --> }

      --> Args:



      Following VMware KB: Cannot add or connect an ESXi 4.1 host to vCenter Server 5.x I've checked SSL in SoftwareAdvanced Setting (see attachement) but I see no security.host.ruissl in /etc/vmware/config. Any idea, please?