Highlighted
Contributor
Contributor

vCenter not connecting after upgrade to 2.0

Jump to solution

I just upgraded to version 2.0 GA and after it finished I got a message about it not being able to connect to one of my vCenter servers.  It was working prior to the upgrade.

When I try and test the connection I get the following error: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

I have restarted vCenter services with no change in behavior.  vCenter version is 5.0 Update 2

1 Solution

Accepted Solutions
Highlighted
Contributor
Contributor

The issue has been resolved.  It was due to our vCenter server having a 512-bit SSL on it (was a previous upgrade from 4.0).

LogInsight 2.0's Java security settings require the SSL to be at least 1024-bit.  As a temporary work around support modified the settings to only need a 512-bit key.  A restart of Log Insight was required.

I am good with this fix since we have plans to deploy a new vCenter server in the coming months.

View solution in original post

0 Kudos
9 Replies
Highlighted
VMware Employee
VMware Employee

I'll defer to my colleagues, but definitely file a ticket with support so we can track it.

Thanks.

Highlighted
Contributor
Contributor

Thanks Bill, I opened a case and uploaded the support bundle.  I'll reply back once resolved.    

0 Kudos
Highlighted
VMware Employee
VMware Employee

ok. can you post the ticket number, or email at broth at VMware dot com, if you want to keep it private? I can push it internally.

0 Kudos
Highlighted
Contributor
Contributor

The issue has been resolved.  It was due to our vCenter server having a 512-bit SSL on it (was a previous upgrade from 4.0).

LogInsight 2.0's Java security settings require the SSL to be at least 1024-bit.  As a temporary work around support modified the settings to only need a 512-bit key.  A restart of Log Insight was required.

I am good with this fix since we have plans to deploy a new vCenter server in the coming months.

View solution in original post

0 Kudos
Highlighted
VMware Employee
VMware Employee

Thanks for the followup.

0 Kudos
Highlighted
Enthusiast
Enthusiast

laakness , Do you happen to know the setting that they tweaked in order to use the 512-bit key? I have the same scenario for my lab vcenter.

-Chris- http://www.twitter.com/ikiris http://blog.chrischua.net
0 Kudos
Highlighted
Contributor
Contributor

Yep, here you go.

Login as root via SSH or Console.

vi /usr/java/jre1.7.0_51/lib/security/java.security

search for jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

Change 1024 to 512 and restart Log insight.

Highlighted
Enthusiast
Enthusiast

Thanks! that worked

-Chris- http://www.twitter.com/ikiris http://blog.chrischua.net
0 Kudos
Highlighted
VMware Employee
VMware Employee

For similar error in VMware Horizon follow Certificates do not conform to algorithm constraints.

0 Kudos