VMware Cloud Community
jburen
Expert

Unable to replace SSL certificate

I installed vRealize Operations Manager 8.1 and tried to change the SSL certificate. I worked through VMware Knowledge Base but when I select the PEM file I get an error: Operation Failed. If the error persists contact VMware support.

I checked the PEM file with openssl and everything seems ok. In the casa.log I see this:

2020-10-05T12:01:54,157 [ee0005E1] [ajp-nio-127.0.0.1-8011-exec-6] INFO support.subprocess.GeneralCommand support.subprocess.GeneralCommand:255 - Command '/usr/lib/vmware-python-3/bin/python /usr/lib/vmware-casa/bin/vropsCertificateTool.py -i /storage/db/tmp/uploaded_cert.tmp --no_describe --json --level NONE' threw exception: CommandLineExitException: key=general.failure; args=1,Traceback (most recent call last):
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 470, in _parse
    self._parsed_object = Certificate(self.pem_data)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 167, in __init__
    self._certificate_data = self.load_certificate(self._pem_data)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 299, in load_certificate
    return OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pem_data)
  File "/usr/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1825, in load_certificate
    _raise_current_error()
  File "/usr/lib/python3.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: [('asn1 encoding routines', 'ASN1_CHECK_TLEN', 'wrong tag'), ('asn1 encoding routines', 'ASN1_ITEM_EX_D2I', 'nested asn1 error'), ('asn1 encoding routines', 'ASN1_TEMPLATE_NOEXP_D2I', 'nested asn1 error'), ('PEM routines', 'PEM_ASN1_read_bio', 'ASN1 lib')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 1583, in <module>
    sys.exit(main(sys.argv))
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 1531, in main
    certificate_file = CertificateFile(input_files, fix=options.get('fix'))
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 632, in __init__
    self._parse_file(source_file)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 756, in _parse_file
    self._parse_buffer(f)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 713, in _parse_buffer
    section = Section(description, current_section, self._fixing)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 412, in __init__
    self._parse(fixing)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 474, in _parse
    cert_store = CertificateStore(self.pem_data)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 550, in __init__
    self._parse(pem_data)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 562, in _parse
    result = run_script([get_openssl_command(), 'pkcs7', '-print_certs'], stdin=pem_data)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 1275, in run_script
    (process_stdout, process_stderr) = process_pipe.communicate(stdin)
  File "/usr/lib/python3.7/subprocess.py", line 964, in communicate
    stdout, stderr = self._communicate(input, endtime, timeout)
  File "/usr/lib/python3.7/subprocess.py", line 1695, in _communicate
    input_view = memoryview(self._input)
TypeError: memoryview: a bytes-like object is required, not 'str'
; cause=

2020-10-05T12:01:54,158 [ee0005E1] [ajp-nio-127.0.0.1-8011-exec-6] ERROR casa.security.SecurityService casa.security.SecurityService:1395 - Unexpected error during validateCertificate script execution: Traceback (most recent call last):
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 470, in _parse
    self._parsed_object = Certificate(self.pem_data)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 167, in __init__
    self._certificate_data = self.load_certificate(self._pem_data)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 299, in load_certificate
    return OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, pem_data)
  File "/usr/lib/python3.7/site-packages/OpenSSL/crypto.py", line 1825, in load_certificate
    _raise_current_error()
  File "/usr/lib/python3.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: [('asn1 encoding routines', 'ASN1_CHECK_TLEN', 'wrong tag'), ('asn1 encoding routines', 'ASN1_ITEM_EX_D2I', 'nested asn1 error'), ('asn1 encoding routines', 'ASN1_TEMPLATE_NOEXP_D2I', 'nested asn1 error'), ('PEM routines', 'PEM_ASN1_read_bio', 'ASN1 lib')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 1583, in <module>
    sys.exit(main(sys.argv))
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 1531, in main
    certificate_file = CertificateFile(input_files, fix=options.get('fix'))
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 632, in __init__
    self._parse_file(source_file)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 756, in _parse_file
    self._parse_buffer(f)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 713, in _parse_buffer
    section = Section(description, current_section, self._fixing)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 412, in __init__
    self._parse(fixing)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 474, in _parse
    cert_store = CertificateStore(self.pem_data)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 550, in __init__
    self._parse(pem_data)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 562, in _parse
    result = run_script([get_openssl_command(), 'pkcs7', '-print_certs'], stdin=pem_data)
  File "/usr/lib/vmware-casa/bin/vropsCertificateTool.py", line 1275, in run_script
    (process_stdout, process_stderr) = process_pipe.communicate(stdin)
  File "/usr/lib/python3.7/subprocess.py", line 964, in communicate
    stdout, stderr = self._communicate(input, endtime, timeout)
  File "/usr/lib/python3.7/subprocess.py", line 1695, in _communicate
    input_view = memoryview(self._input)
TypeError: memoryview: a bytes-like object is required, not 'str'

I think the file is uploaded and checked but then something goes wrong. I already checked the order of the certificates in the PEM file (Certificate, Private Key, CA Certificate).

Consider giving Kudos if you think my response helped you in any way.

Accepted Solutions
jburen

I searched for "nested asn1 error" and double-checked the certificate from my CA. The reason for the error was that I used a PKCS7 root CA certificate instead of a Base-64 encoded certificate. When you open both in Notepad they look the same but they are not... After replacing the CA certificate I was able to load the PEM file and replace the SSL certificate.

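Added example, not part of the original thread and not VMware's tool code: a standard-library pre-upload check that decodes every block of a PEM bundle and reports what the DER inside actually is, since the 'wrong tag' error in the log is an ASN.1 decode failure rather than a problem finding the PEM block. The function names and the sample bundle are hypothetical; the DER stubs are constructed and truncated, enough for the tag check only.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
# DER encoding of OID 1.2.840.113549.1.7.2 (PKCS#7 signedData)
PKCS7_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")

def _skip_header(der, pos):
    """Return the offset of the content after the tag+length at pos."""
    first = der[pos + 1]
    if first < 0x80:                    # short-form length
        return pos + 2
    return pos + 2 + (first & 0x7F)     # long form: n length octets follow

def classify_der(der):
    """Guess the structure from the first child of the outer SEQUENCE."""
    if len(der) < 4 or der[0] != 0x30:
        return "not a DER SEQUENCE"
    inner = _skip_header(der, 0)
    if der[inner:inner + len(PKCS7_SIGNED_DATA)] == PKCS7_SIGNED_DATA:
        return "PKCS#7 signedData"
    if der[inner] == 0x30:
        return "X.509 certificate"      # tbsCertificate is a SEQUENCE
    if der[inner] == 0x02:
        return "private key"            # heuristic: version INTEGER first
    return "unknown"

def audit_bundle(pem_text):
    """Return (label, detected_type, ok) for every PEM block, in order."""
    report = []
    for label, body in PEM_BLOCK.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        kind = classify_der(der)
        if label == "CERTIFICATE":
            ok = kind == "X.509 certificate"
        else:
            ok = kind != "PKCS#7 signedData"
        report.append((label, kind, ok))
    return report

def _pem(label, der):
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label, base64.b64encode(der).decode(), label)

# Constructed sample: certificate, key, then a PKCS#7 blob labelled CERTIFICATE.
CERT_STUB = bytes.fromhex("300a3008a003020102020101")
KEY_STUB = bytes.fromhex("3006020100020100")
P7B_STUB = bytes.fromhex("300f") + PKCS7_SIGNED_DATA + bytes.fromhex("a0023000")
SAMPLE = (_pem("CERTIFICATE", CERT_STUB) + _pem("PRIVATE KEY", KEY_STUB)
          + _pem("CERTIFICATE", P7B_STUB))
```

Running `audit_bundle` on the real bundle text before uploading flags any block whose label says CERTIFICATE but whose content is a PKCS#7 container.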