I have installed VMware Skyline Health Diagnostics for vSphere v2.5.0 and still experiencing this for Tool update and VCG update tabs as seen in the screenshots. Looks like the appliance missing the CA certs hence failing the SSL handshake?
I can also see the following in the logs:
2021-05-27 08:05:25,779 vmware-shd-update INFO view_decorators:108 Checking for the availability of new updates started.
2021-05-27 08:05:25,780 vmware-shd-update INFO view_decorators:108 Downloading https://shd-download.vmware.com/2.5/manifest/manifest.xml to /opt/vmware-shd/vmware-shd/temp/manifest/manifest.xml
2021-05-27 08:05:25,797 vmware-shd-update ERROR view_decorators:108 Downloading https://shd-download.vmware.com/2.5/manifest/manifest.xml failed - HTTPSConnectionPool(host='shd-download.vmware.comt=443): Max retries exceeded with url: /2.5/manifest/manifest.xml (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')])
Traceback (most recent call last):
File "/usr/lib/python3.7/site-packages/urllib3/contrib/pyopenssl.py", line 444, in wrap_socket
File "/usr/lib/python3.7/site-packages/OpenSSL/SSL.py", line 1907, in do_handshake
File "/usr/lib/python3.7/site-packages/OpenSSL/SSL.py", line 1639, in _raise_ssl_error
File "/usr/lib/python3.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
OpenSSL.SSL.Error: [('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')]
Any assistance is much appreciated. Thanks in advance.
@moojungl Is there any proxy in the environment working in MITM mode. In such cases the certificate received at the connection initiator is from proxy server and not the actual target. Since this will be untrusted on SHD, connection will fail.
Let me know if this helps.
@ksram , Thanks for the response. It is really appreciated. We do not use proxy for the internet access however all the traffic goes via the f/w which we found that one of the rule had a SSL check enabled which was causing this. The issue has been fixed by making required changes at the F/W level. It seems working fine now. Thanks again for your response. It's really appreciated.