Hello - looking for some advice on an vCenter upgrade I'm attempting from 6.7 U3 to 7.0 U3.
I ran pre-checks using Skyline Health Diagnostics and I have one pre-check failure:
VC_UPC.VCSA.CertSANCheck: Certificate SAN DNS and FQDN Check
vCenter Server 7.0 requires Machine FQDN to be past of SubjectAltName of Certificate
Resolution:
Investigation Details:
Data Collection Time: 2023-01-12T19:50:13
Certificate: vCenter Rhttpproxy TLS Certificate has no DNS Name in SubjectAltName
Certificate Subject Alternative Names
Certificate FQDN SAN-DNS Status
| vCenter Rhttpproxy TLS Certificate | (correct FQDN - redacted) | [] | RED |
One of more Certificates on vCenter have no or incorrect DNS in SubjectAltName
I have checked the certs on the VCSA and the TRUSTED_ROOTS cert does indeed have a SAN set to the following (which I understand is the default):
But given, the error above appears to say the issue is with the vCenter Rhttpproxy TLS Certificate (which I'm not sure is a VCSA or ESXi cert?).
So my question is, which course of action would you recommend to fix this issue?
a) A complete renewal of all certs in the environment?
b) A refresh of the ESXi certs?
c) ?
BTW - we're using VMCA-signed certs in this environment.
TIA.
