https://communities.vmware.com/t5/vCenter-Server-Discussions/VCenter-Server-Certificate-Change/m-p/2305188#M75699 <HTML><HEAD></HEAD><BODY><P>I believe your&nbsp; vcenter machine is deployed with ip deployment </P><P>if there is an IP deployment, the PNID is set as IP address. You have two options </P><P>1.Change pnid to FQDN instead of ip and replace with same cert - <A href="https://blogs.vmware.com/vsphere/2019/08/changing-your-vcenter-servers-fqdn.html" title="https://blogs.vmware.com/vsphere/2019/08/changing-your-vcenter-servers-fqdn.html">Changing your vCenter Server's FQDN - VMware vSphere Blog</A> </P><P>2. Include ip address in Subject alternative name and proceed to change cert (keeping pnid as ip)</P><P></P><P>thanks,</P><P>MS</P></BODY></HTML> Fri, 07 Aug 2020 12:19:49 GMT msripada 2020-08-07T12:19:49Z https://communities.vmware.com/t5/vCenter-Server-Discussions/VCenter-Server-Certificate-Change/m-p/2305187#M75698 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P>I hope everyone in the community is keeping safe during these changing times.</P><P></P><P>I am currently experiencing an issue with my VCenter Server 7.0 that I have deploy in my Environment. I am attempting to change the Machine_Cert with one that is signed by my internal certificate auth. Every time I attempt to change the certificate I get the following error '<SPAN style="color: #e9ecef; font-family: Metropolis, 'Avenir Next', 'Helvetica Neue', Arial, sans-serif; font-size: 13px; background-color: #882d31;">Error occurred while fetching tls: Exception found (Invalid input certificate : DNS in Subject Alternative Name is not correct. DNS Name must contain machine FQDN.).</SPAN></P><H6><SPAN style="color: #e9ecef; font-family: Metropolis, 'Avenir Next', 'Helvetica Neue', Arial, sans-serif; font-size: 13px; background-color: #882d31;"> </SPAN></H6><P>I have made sure that I am including the vcenter server hostname in the Subject Alternative Name so should all be working as expected. </P><P></P><P>CN = 172.16.0.30</P><P>Subject Alternatives that are included</P><P>DNS = vcserver.domain.local</P><P>DNS = vcserver</P><P></P><P>When I run the following command I get the output of 172.26.0.30 from my server. </P><P>'root@vcserver [ ~ ]# /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost'&nbsp;&nbsp;&nbsp;&nbsp; </P><P>172.26.0.30</P><P></P><P>I have also compared the currently used Subject Alternatives to what is in my new certificate and these are the same. Has anyone seen this issue before or able to help out with fixing the issue?</P><P></P><P>Any suggestions would be appreciated.</P><P></P><P>Regards,</P><P>Tom</P></BODY></HTML> Thu, 06 Aug 2020 18:43:33 GMT https://communities.vmware.com/t5/vCenter-Server-Discussions/VCenter-Server-Certificate-Change/m-p/2305187#M75698 Teparky 2020-08-06T18:43:33Z https://communities.vmware.com/t5/vCenter-Server-Discussions/VCenter-Server-Certificate-Change/m-p/2305188#M75699 <HTML><HEAD></HEAD><BODY><P>I believe your&nbsp; vcenter machine is deployed with ip deployment </P><P>if there is an IP deployment, the PNID is set as IP address. You have two options </P><P>1.Change pnid to FQDN instead of ip and replace with same cert - <A href="https://blogs.vmware.com/vsphere/2019/08/changing-your-vcenter-servers-fqdn.html" title="https://blogs.vmware.com/vsphere/2019/08/changing-your-vcenter-servers-fqdn.html">Changing your vCenter Server's FQDN - VMware vSphere Blog</A> </P><P>2. Include ip address in Subject alternative name and proceed to change cert (keeping pnid as ip)</P><P></P><P>thanks,</P><P>MS</P></BODY></HTML> Fri, 07 Aug 2020 12:19:49 GMT https://communities.vmware.com/t5/vCenter-Server-Discussions/VCenter-Server-Certificate-Change/m-p/2305188#M75699 msripada 2020-08-07T12:19:49Z https://communities.vmware.com/t5/vCenter-Server-Discussions/VCenter-Server-Certificate-Change/m-p/2960687#M94224 <P>I dont think you can include the short name as a SAN. I have come accross the same problem</P><P>&nbsp;</P><P>CN was FQDN</P><P>SANs included IP and shortname</P><P>Removed SANs as not essential for us</P> Thu, 23 Mar 2023 18:46:38 GMT https://communities.vmware.com/t5/vCenter-Server-Discussions/VCenter-Server-Certificate-Change/m-p/2960687#M94224 burchell99 2023-03-23T18:46:38Z