VMware Cloud Community
mzhao5
Contributor
Contributor

"Error occurred while fetching tls: the trustAnchors parameter must be non-empty"

During replace with external CA certificate, it shows this error.  certificate should be fine.

 

any idea for this issue ?

Reply
0 Kudos
2 Replies
maksym007
Expert
Expert

Open WinSCP Use SFTP file protocol FQDN for hostname and root for user name After login, navigate to the /tmp folder or the folder you chose when exporting the csr and key Copy the files below to a directory on your local PC vmca_issued_csr.csr vmca_issued_key.key Use the copied csr file to submit to the CA authority Generate the cert for Apache use Once the cert is generated, download the file type as A P7B bundle of all the certs in a .p7b file Open the bundle after download Right click each cert > all tasks > export Click next to get you to the format options Select Base-64 encoded x.509 (.CER) Browse to a folder to export the .cer files too Use the following naming convention for each cert to make it easier to identify Vcenterhostname.domain.com: MachineSSL.cer DigiCert Global Root CA: Root.cer DigiCert TLS RSA SHA256 2020: Intermediate.cer
(Cert names should be similar depending on your CA)

Create the chain...

Open the newly created Intermediate.cer file with notepad Highlight and Copy everything in the open doc Open the Root.cer file with notepad Paste the information from the Intermediate.cer file to the top of the root.cer file. Save the Root.cer file but don’t close it  Select and copy all text in the Root.cer Open the MachineCert.cer file with notepad Paste the copied text from Root.cer file to the bottom of the doc You will now have the full chain and three certs embedded Save the machineSSL.cer file

Reply
0 Kudos
maksym007
Expert
Expert

Did it work, please provide with the update

Reply
0 Kudos