vishy3
Enthusiast
Enthusiast

Replication Plugin Certificate mismatch

I am facing this issue using VR plugin 8.1.2 or even 8.2.0 using standalone vRO 7.4 or even embedded vRA/vRO 7.4 with vCenter 6.5 Version 6.5.0.20000 Build 9451637


So far uninstalling plugin/re-install, restart vCO configuration/vco-server didnt help. Updated proper certificate on vRO/import certificate in VRO. Any idea how to fix this...

Log history captured below

16/09/201909:57:08.425

2019-09-15 23:57:08.425+0000 vco: [component="VcoDelegatingWebFacade" priority="ERROR" thread="http-nio-127.0.0.1-8280-exec-7" user="" context="" token="" wfid="" wfname="" anctoken="" wfstack="" instanceid="41297bfe-a61c-462b-9d69-6137f383674c"] Server Error...

  1. ch.dunes.model.sdk.SDKFinderException: Unable to execute 'fetchRelation' for type : Site : com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match

         at ch.dunes.vso.sdk.SDKFinder.logAndThrow(SDKFinder.java:914)

         at ch.dunes.vso.sdk.SDKFinder.fetchRelation(SDKFinder.java:387)

         at ch.dunes.vso.sdk.SDKFinder._findRelation(SDKFinder.java:352)

         at ch.dunes.vso.sdk.SDKFinder.findRelation(SDKFinder.java:267)

         at ch.dunes.vso.sdk.ModulesFactory.findRelation(ModulesFactory.java:654)

         at com.vmware.o11n.sdk.EnhancedScriptingSDK.findRelation(EnhancedScriptingSDK.java:136)

         at com.vmware.o11n.service.sdk.SdkModuleServiceImpl.findRelation(SdkModuleServiceImpl.java:79)

         at com.vmware.o11n.service.factory.VcoFactoryFacade.findRelation(VcoFactoryFacade.java:1902)

         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

         at java.lang.reflect.Method.invoke(Method.java:498)

         at com.vmware.o11n.service.security.AccessRightsInterceptor.invoke(AccessRightsInterceptor.java:98)

         at com.vmware.o11n.service.security.AccessRightsInterceptor.invoke(AccessRightsInterceptor.java:89)

         at com.vmware.o11n.service.webremoting.VcoDelegatingWebFacade.invokeOperation(VcoDelegatingWebFacade.java:105)

         at com.vmware.o11n.integration.initialization.VcoFactoryServiceFacadeProxy.invokeOperation(VcoFactoryServiceFacadeProxy.java:86)

         at sun.reflect.GeneratedMethodAccessor402.invoke(Unknown Source)

         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

         at java.lang.reflect.Method.invoke(Method.java:498)

         at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)

         at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)

         at com.sun.proxy.$Proxy24.invokeOperation(Unknown Source)

         at sun.reflect.GeneratedMethodAccessor401.invoke(Unknown Source)

         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

         at java.lang.reflect.Method.invoke(Method.java:498)

         at org.springframework.remoting.support.RemoteInvocation.invoke(RemoteInvocation.java:212)

         at org.springframework.remoting.support.DefaultRemoteInvocationExecutor.invoke(DefaultRemoteInvocationExecutor.java:39)

         at org.springframework.remoting.support.RemoteInvocationBasedExporter.invoke(RemoteInvocationBasedExporter.java:78)

         at org.springframework.remoting.support.RemoteInvocationBasedExporter.invokeAndCreateResult(RemoteInvocationBasedExporter.java:114)

         at org.springframework.remoting.httpinvoker.HttpInvokerServiceExporter.handleRequest(HttpInvokerServiceExporter.java:80)

         at org.springframework.web.context.support.HttpRequestHandlerServlet.service(HttpRequestHandlerServlet.java:67)

         at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)

         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

         at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:317)

         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)

         at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)

         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

         at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)

         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

         at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)

         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

         at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)

         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

         at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:215)

         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

         at com.vmware.o11n.web.auth.http.TokenAuthenticationFilter.doFilter(TokenAuthenticationFilter.java:67)

         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

         at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)

         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

         at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)

         at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

         at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)

         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

         at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:157)

         at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)

         at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)

         at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)

         at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:347)

         at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:263)

         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

         at com.vmware.o11n.service.spring.bootstrap.SecureSerializationFilter.doFilter(SecureSerializationFilter.java:30)

         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

         at net.sf.ehcache.constructs.web.filter.GzipFilter.doFilter(GzipFilter.java:95)

         at net.sf.ehcache.constructs.web.filter.Filter.doFilter(Filter.java:86)

         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

         at com.vmware.o11n.service.spring.bootstrap.WebRemotingActiveNodeFilter.doFilter(WebRemotingActiveNodeFilter.java:38)

         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:613)

         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)

         at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:677)

         at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)

         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)

         at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)

         at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

         at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)

         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)

         at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

         at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

         at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.reflect.InvocationTargetException

         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

         at java.lang.reflect.Method.invoke(Method.java:498)

         at ch.dunes.vso.sdk.DirectInvoker.invoke(DirectInvoker.java:57)

         at ch.dunes.vso.sdk.SDKPluginFactoryInvoker.fetchRelation(SDKPluginFactoryInvoker.java:47)

         at ch.dunes.vso.sdk.SDKFinder.fetchRelation(SDKFinder.java:377)

         ... 94 more

Caused by: com.vmware.vim.vmomi.client.exception.SslException: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match

         at com.vmware.vim.vmomi.client.common.impl.ResponseImpl.setError(ResponseImpl.java:250)

         at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:51)

         at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingBase.executeRunnable(HttpProtocolBindingBase.java:226)

         at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:110)

         at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:580)

         at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(MethodInvocationHandlerImpl.java:561)

         at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(MethodInvocationHandlerImpl.java:347)

         at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation(MethodInvocationHandlerImpl.java:307)

         at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(MethodInvocationHandlerImpl.java:181)

         at com.sun.proxy.$Proxy467.list(Unknown Source)

         at com.vmware.hms.o11n.connection.impl.server.LsClient.getVcServiceRegistrationList(LsClient.java:69)

         at com.vmware.hms.o11n.connection.impl.server.LsClient.getVcServiceRegistration(LsClient.java:58)

         at com.vmware.hms.o11n.connection.impl.server.VcRegistrationLsCheck.<init>(VcRegistrationLsCheck.java:31)

         at com.vmware.hms.o11n.model.builder.VcEndpointBuilder.build(VcEndpointBuilder.java:33)

         at com.vmware.hms.o11n.model.builder.VcRemoteSiteBuilder.build(VcRemoteSiteBuilder.java:44)

         at com.vmware.hms.o11n.model.builder.VcRemoteSiteBuilder.build(VcRemoteSiteBuilder.java:33)

         at com.vmware.hms.o11n.model.Site.getVcRemoteSites(Site.java:61)

         at com.vmware.hms.o11n.model.finder.SiteToVcRemoteSiteRelationFinder.findChilrenInRelationFor(SiteToVcRemoteSiteRelationFinder.java:14)

         at com.vmware.hms.o11n.HmsPluginFactory.findChildrenInRelation(HmsPluginFactory.java:125)

         at com.vmware.o11n.plugin.sdk.spring.AbstractSpringPluginFactory.findRelation(AbstractSpringPluginFactory.java:134)

         ... 101 more

Caused by: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain is not trusted and thumbprint doesn't match

         at com.vmware.vim.vmomi.client.http.impl.ClientExceptionTranslator.translate(ClientExceptionTranslator.java:54)

         ... 121 more

Caused by: com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain not verified

         at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.handleHandshakeException(ThumbprintTrustManager.java:511)

         at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:361)

         at com.vmware.vim.vmomi.client.http.impl.VlsiSslSocketFactory.verifyHostname(VlsiSslSocketFactory.java:129)

         at com.vmware.vim.vmomi.client.http.impl.VlsiSslSocketFactory.createLayeredSocket(VlsiSslSocketFactory.java:122)

         at com.vmware.vim.vmomi.client.http.impl.VlsiSslSocketFactory.connectSocket(VlsiSslSocketFactory.java:88)

         at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)

         at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:373)

         at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)

         at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)

         at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)

         at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)

         at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)

         at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)

         at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)

         at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)

         at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:45)

         ... 119 more

Caused by: javax.net.ssl.SSLHandshakeException: com.vmware.vim.vmomi.client.exception.VlsiCertificateException: Server certificate chain is not trusted and thumbprint doesn't match

         at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

         at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)

         at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)

         at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)

         at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)

         at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)

         at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)

         at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)

         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)

         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)

         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)

         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)

         at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:359)

         ... 133 more

Caused by: com.vmware.vim.vmomi.client.exception.VlsiCertificateException: Server certificate chain is not trusted and thumbprint doesn't match

         at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager.checkServerTrusted(ThumbprintTrustManager.java:183)

         at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:985)

         at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)

         ... 141 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

 

Tags (1)
0 Kudos
0 Replies