aj800
Enthusiast
Enthusiast

Upgrade to 6.7 pre-upgrade check fail due to cert validation

Jump to solution

We have a valid SSL certificate we've been using that was issued from our enterprise CA.  Everything shows green (green lock in browser).  The roots are good, the host is good, or at least, the multiple browsers all say so.  When I go to run the upgrade from 6.5U3 to 6.7U3, it deploys the appliance, but I keep getting this message below during Phase 2 and cannot get past it.  I've tried resetting the certs but that keeps breaking everything (and creates additional errors), the PSC, web client, and in particular, the VUM (VMware Update Manager), which fails to start (the service) after a reboot.  It's like it's not resetting back to the VMware default properly.  There is a Trusted Root cert in the store that is expired, but when I remove it using a VMware KB that makes it actually disappear (unlike from the PSC where it appears to only be deleted from the screen) that is what breaks the VUM.  What am I missing?

Screen Shot 2019-09-26 at 12.36.46 PM.png

0 Kudos
1 Solution

Accepted Solutions
aj800
Enthusiast
Enthusiast

After fighting with several certificate store changes, breaking some things by doing that and reverting back to snapshots several times, it was determined that it was an STS certificate issue (Security Token Service for SSO) described in the following KB with a solution to fix that worked for me:

VMware Knowledge Base

View solution in original post

0 Kudos
1 Reply
aj800
Enthusiast
Enthusiast

After fighting with several certificate store changes, breaking some things by doing that and reverting back to snapshots several times, it was determined that it was an STS certificate issue (Security Token Service for SSO) described in the following KB with a solution to fix that worked for me:

VMware Knowledge Base

View solution in original post

0 Kudos