Re: Trying to add vCenter - unable to get vCenter ...

LaurenMalhoit · ‎12-16-2013

I'm trying to add another vCenter server in vCOPS. I get the error: unable to get vCenter server certificate chain.

This is vCenter 5.1, vCOPS 5.8.

Any thoughts?

jddias · ‎12-16-2013

Sounds like maybe an expired certificate, can you confirm?

Visit my blog for vCloud Management tips and tricks - http://www.storagegumbo.com

gradinka · ‎12-17-2013

...or weak certificate?

you need 2048bit public key, local SSH_CIPHERS="aes256-ctr,aes128-ctr"

mark_j · ‎12-17-2013

I've seen an error for an expired SSL cert on vCenter, and what you're seeing isn't it.

I'm going to assume you've already checked for ssl expiration and the help of the cert+chain as per the previous recommendations.

Are you using SSL cert signed by a 3rd party CA? (your company CA, or perhaps something like GoDaddy). If so, you'll need to add the CAs on the chain in to the truststore even if the chain (even when the chain is built properly sometimes). See the following KB:

VMware KB: When attempting to access VMware vCenter Operations Manager 5.x, an error is displayed: N...

FYI, you also add the server certs to the truststore in the same fashion for LDAP SSL hosts in the Custom UI.

If you find this or any other answer useful please mark the answer as correct or helpful.

AstraMonti · ‎12-19-2013

Did you find out anything about it? I am experiencing the same issue myself.

gradinka · ‎12-19-2013

are you "all clear" on the options mentioned above?

AstraMonti · ‎12-19-2013

I am using vcenters' self signed certificate on that installation, so unless I am missing something I would say yes, all clear.

Edit: Sorry my fault, followed that kb and fixed it: VMware KB: When attempting to access VMware vCenter Operations Manager 5.x, an error is displayed: N...

All

Trying to add vCenter - unable to get vCenter server certificate chain