<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Error, certificate failed to replace! in vCenter™ Server Discussions</title>
    <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/Error-certificate-failed-to-replace/m-p/1861644#M59805</link>
    <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Anyone know why a 6.7 vCenter appliance would fail to accept new solution user certificates in both the UI and the CLI (Certificate-Manager)?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Specifics:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;- 6.7U3C vCenter appliance in Enhanced-Linked mode&lt;/P&gt;&lt;P&gt;- Machine SSL certificate replaced without issue&lt;/P&gt;&lt;P&gt;- The VPXD, VPDX-extension, machine, and vsphere-webclient certificates will not replace&lt;/P&gt;&lt;P&gt;- &lt;STRONG&gt;There are no wild cards in the certificates [SANs or CNs, etc.]&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;- All of the vCenters in the environment have the same certificate templates and are the same, but they were upgraded to 6.7. This one is new.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The certificates were generated using open-ssl.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The template uses 4096, what should be the proper enhanced attributes, includes the corresponding type in the CN [e.g. machine-FQDN, VPXD-FQDN, etc.].&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;This is really odd.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;GB&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
    <pubDate>Tue, 25 Feb 2020 15:47:09 GMT</pubDate>
    <dc:creator>GBartsch</dc:creator>
    <dc:date>2020-02-25T15:47:09Z</dc:date>
    <item>
      <title>Error, certificate failed to replace!</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/Error-certificate-failed-to-replace/m-p/1861644#M59805</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Anyone know why a 6.7 vCenter appliance would fail to accept new solution user certificates in both the UI and the CLI (Certificate-Manager)?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Specifics:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;- 6.7U3C vCenter appliance in Enhanced-Linked mode&lt;/P&gt;&lt;P&gt;- Machine SSL certificate replaced without issue&lt;/P&gt;&lt;P&gt;- The VPXD, VPDX-extension, machine, and vsphere-webclient certificates will not replace&lt;/P&gt;&lt;P&gt;- &lt;STRONG&gt;There are no wild cards in the certificates [SANs or CNs, etc.]&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;- All of the vCenters in the environment have the same certificate templates and are the same, but they were upgraded to 6.7. This one is new.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The certificates were generated using open-ssl.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;The template uses 4096, what should be the proper enhanced attributes, includes the corresponding type in the CN [e.g. machine-FQDN, VPXD-FQDN, etc.].&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;This is really odd.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;GB&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Tue, 25 Feb 2020 15:47:09 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/Error-certificate-failed-to-replace/m-p/1861644#M59805</guid>
      <dc:creator>GBartsch</dc:creator>
      <dc:date>2020-02-25T15:47:09Z</dc:date>
    </item>
    <item>
      <title>Re: Error, certificate failed to replace!</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/Error-certificate-failed-to-replace/m-p/1861645#M59806</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Could you check /var/log/vmware/vmcad/certificate-manager.log and search for any errors?&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 26 Feb 2020 21:52:00 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/Error-certificate-failed-to-replace/m-p/1861645#M59806</guid>
      <dc:creator>KocPawel</dc:creator>
      <dc:date>2020-02-26T21:52:00Z</dc:date>
    </item>
    <item>
      <title>Re: Error, certificate failed to replace!</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/Error-certificate-failed-to-replace/m-p/1861646#M59807</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;have you used different certs for solution users or are you using the same one which you have used for MACHINE_SSL?&lt;/P&gt;&lt;P&gt;pls share the certificate-manager.log here and we can let you know whats going wrong there&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;thanks,&lt;/P&gt;&lt;P&gt;MS&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 27 Feb 2020 14:12:49 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/Error-certificate-failed-to-replace/m-p/1861646#M59807</guid>
      <dc:creator>msripada</dc:creator>
      <dc:date>2020-02-27T14:12:49Z</dc:date>
    </item>
    <item>
      <title>Re: Error, certificate failed to replace!</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/Error-certificate-failed-to-replace/m-p/1861647#M59808</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Checked the logs... the errors don't tell you anything useful:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;ERROR certificate-manager &amp;lt;date&amp;gt; &amp;lt;Time&amp;gt; Updating certificate for "com.vmware.vim.eam" extension&lt;/P&gt;&lt;P&gt;ERROR certificate-manager &amp;lt;date&amp;gt; &amp;lt;Time&amp;gt; Updating certificate for "com.vmware.rbd" extension&lt;/P&gt;&lt;P&gt;ERROR certificate-manager &amp;lt;date&amp;gt; &amp;lt;Time&amp;gt; Updating certificate for "com.vmware.imagebuilder" extension&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Then there is:&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;ERROR certificate-manager {&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "translatable" : "An error occurred while invoking external command : '%(0)s'"&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "localized" : "An error occurred while invoking external command: 'None'"&lt;/P&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "Error while starting services, please see service-control log for more details"&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I'm not certain where the service-control.log is, as it's not showing up in any of the KBBs for vCenter logs (6.x). Humph.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Fri, 27 Mar 2020 12:50:48 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/Error-certificate-failed-to-replace/m-p/1861647#M59808</guid>
      <dc:creator>GBartsch</dc:creator>
      <dc:date>2020-03-27T12:50:48Z</dc:date>
    </item>
    <item>
      <title>Re: Error, certificate failed to replace!</title>
      <link>https://communities.vmware.com/t5/vCenter-Server-Discussions/Error-certificate-failed-to-replace/m-p/1861648#M59809</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;service-control.log i located as below:&lt;/P&gt;&lt;P&gt;root@**** [ ~ ]# find . / | grep service-control.log&lt;/P&gt;&lt;P&gt;/storage/log/vmware/cloudvm/service-control.log&lt;/P&gt;&lt;P&gt;root@**** [ ~ ]#&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Sat, 04 Apr 2020 15:46:37 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/vCenter-Server-Discussions/Error-certificate-failed-to-replace/m-p/1861648#M59809</guid>
      <dc:creator>KocPawel</dc:creator>
      <dc:date>2020-04-04T15:46:37Z</dc:date>
    </item>
  </channel>
</rss>

