When adding a vCenter 5.5 Server to Orchestrator 5.5u1 I get the error:
InternalError: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints (Workflow:Import a certificate from URL / Validate (item1)#6)
This vCenter server has been upgraded to 5.5 from numerous previous versions of vCenter.
Any suggestions on how I can add this server?
The Google machine references SSL, MD5 compatibility issues.
Thoughts?
~Alex
Maybe some of the certificates have too short a key, or use an algorithm which is not supported anymore. You may try to somewhat relax the restrictions.
Look for a file named java.security (in vCO appliance, it is located at /usr/java/jre-vmware/lib/security/java.security). Open it with a text editor and look for the property jdk.certpath.disabledAlgorithms. Its default value is something like
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
which disables short keys (< 1024 bits). Check if your certificates violate some of the restrictions defined by this property, and if yes, remove the restriction from the property value. Save the file and restart the vCO appliance for the change to take effect.
I haven't actually tried these steps, but in theory they should work.
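The check described in the answer above, as an added example that is not part of the original thread: a simplified Python model of how entries in jdk.certpath.disabledAlgorithms are matched, reporting which entry a certificate violates so that only that entry is removed. The function names and the SHA1withRSA signature algorithm are assumptions; the property value and the 512-bit key size come from the thread.

```python
import operator
import re

# Comparison operators permitted in a keySize constraint.
OPS = {"<=": operator.le, "<": operator.lt, "==": operator.eq,
       "!=": operator.ne, ">=": operator.ge, ">": operator.gt}
ENTRY = re.compile(r"(\S+)\s+keySize\s*(<=|>=|==|!=|<|>)\s*(\d+)")

def parse_disabled(value):
    """Return (raw_entry, algorithm, op, size) per entry; op and size are None for a bare name."""
    rules = []
    for raw in (e.strip() for e in value.split(",")):
        if not raw:
            continue
        m = ENTRY.fullmatch(raw)
        rules.append((raw, m.group(1), m.group(2), int(m.group(3))) if m
                     else (raw, raw, None, None))
    return rules

def components(sig_alg):
    """Split a signature algorithm name such as MD5withRSA into MD5 and RSA (simplified)."""
    return {p.upper() for p in re.split(r"with|and|/", sig_alg, flags=re.IGNORECASE) if p}

def violations(value, sig_alg, key_alg, key_size):
    """List the property entries that a certificate with these attributes violates."""
    names = components(sig_alg) | {key_alg.upper()}
    hits = []
    for raw, alg, op, size in parse_disabled(value):
        if op is None:
            if alg.upper() in names:
                hits.append(raw)
        elif alg.upper() == key_alg.upper() and OPS[op](key_size, size):
            hits.append(raw)
    return hits

def relax(value, hits):
    """Rebuild the property value without the violated entries, keeping all others."""
    return ", ".join(raw for raw, *_ in parse_disabled(value) if raw not in hits)

if __name__ == "__main__":
    default = "MD2, RSA keySize < 1024"          # value quoted in the thread
    # Constructed certificate attributes: 512-bit RSA key as reported in the thread;
    # the SHA1withRSA signature algorithm is an assumption.
    hits = violations(default, "SHA1withRSA", "RSA", 512)
    print("violated entries:", hits)
    print("relaxed value: jdk.certpath.disabledAlgorithms=" + relax(default, hits))
```

An empty result means the certificate already satisfies the property value, so the error has a different cause than the entries listed there.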
I verified that the vCenter was using an old 512 size certificate. I changed the file as described here and I was able to successfully add the vCenter server to vCO.
Marked as Resolved
Thank You
~Alex Allen C.
If the error is seen in VMware Horizon, follow KB76348.