VMware Cloud Community
laakness
Contributor
Contributor
Jump to solution

vCenter not connecting after upgrade to 2.0

I just upgraded to version 2.0 GA and after it finished I got a message about it not being able to connect to one of my vCenter servers.  It was working prior to the upgrade.

When I try and test the connection I get the following error: HTTP transport error: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

I have restarted vCenter services with no change in behavior.  vCenter version is 5.0 Update 2

1 Solution

Accepted Solutions
laakness
Contributor
Contributor
Jump to solution

The issue has been resolved.  It was due to our vCenter server having a 512-bit SSL on it (was a previous upgrade from 4.0).

LogInsight 2.0's Java security settings require the SSL to be at least 1024-bit.  As a temporary work around support modified the settings to only need a 512-bit key.  A restart of Log Insight was required.

I am good with this fix since we have plans to deploy a new vCenter server in the coming months.

View solution in original post

Reply
0 Kudos
9 Replies
billrothjr
VMware Employee
VMware Employee
Jump to solution

I'll defer to my colleagues, but definitely file a ticket with support so we can track it.

Thanks.

------
Bill Roth, VMware
laakness
Contributor
Contributor
Jump to solution

Thanks Bill, I opened a case and uploaded the support bundle.  I'll reply back once resolved.    

Reply
0 Kudos
billrothjr
VMware Employee
VMware Employee
Jump to solution

ok. can you post the ticket number, or email at broth at VMware dot com, if you want to keep it private? I can push it internally.

------
Bill Roth, VMware
Reply
0 Kudos
laakness
Contributor
Contributor
Jump to solution

The issue has been resolved.  It was due to our vCenter server having a 512-bit SSL on it (was a previous upgrade from 4.0).

LogInsight 2.0's Java security settings require the SSL to be at least 1024-bit.  As a temporary work around support modified the settings to only need a 512-bit key.  A restart of Log Insight was required.

I am good with this fix since we have plans to deploy a new vCenter server in the coming months.

Reply
0 Kudos
billrothjr
VMware Employee
VMware Employee
Jump to solution

Thanks for the followup.

------
Bill Roth, VMware
Reply
0 Kudos
ikiris
Enthusiast
Enthusiast
Jump to solution

laakness , Do you happen to know the setting that they tweaked in order to use the 512-bit key? I have the same scenario for my lab vcenter.

-Chris- http://www.twitter.com/ikiris http://blog.chrischua.net
Reply
0 Kudos
laakness
Contributor
Contributor
Jump to solution

Yep, here you go.

Login as root via SSH or Console.

vi /usr/java/jre1.7.0_51/lib/security/java.security

search for jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

Change 1024 to 512 and restart Log insight.

ikiris
Enthusiast
Enthusiast
Jump to solution

Thanks! that worked

-Chris- http://www.twitter.com/ikiris http://blog.chrischua.net
Reply
0 Kudos
Tina07
VMware Employee
VMware Employee
Jump to solution

For similar error in VMware Horizon follow Certificates do not conform to algorithm constraints.

Reply
0 Kudos