5 Replies Latest reply on Nov 29, 2018 11:17 PM by parmarr

    com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain not verified

    bhefer Novice

      Hi,

       

      OK, big failure to reboot the vCenter Server Appliance 5.1 (I think...)...

      Now I have the problem that I am not able to log in to the vSphere Web Client:

      Whenever I want to log in through a browser (Firefox, Chrome, Chromium, etc.), I always get the following message:

      Cannot connect to vCenter Single Sign On server https://xx.xx.xx.xx:7444/ims/STSService. The SSL certificate cannot be verified.

       

      I looked around and found KB 2036505, which describes my problem, but I am not in a Windows world...

       

      This is the relevant output of /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log:

       

      [2013-06-17 21:37:30.613] INFO  [INFO ] http-bio-9443-exec-3          com.vmware.vise.security.SessionListener                          Session 4B44EFE54445BE96023AAF69BB52545B created.

      [2013-06-17 21:37:30.615] INFO  [INFO ] http-bio-9443-exec-3          org.springframework.flex.servlet.MessageBrokerHandlerAdapter      Channel endpoint secure-amf received request.

      [2013-06-17 21:37:30.704] INFO  [INFO ] http-bio-9443-exec-3          org.springframework.flex.servlet.MessageBrokerHandlerAdapter      Channel endpoint secure-amf received request.

      [2013-06-17 21:37:30.913] INFO  [INFO ] http-bio-9443-exec-6          org.springframework.flex.servlet.MessageBrokerHandlerAdapter      Channel endpoint secure-amf received request.

      [2013-06-17 21:37:30.914] INFO  [INFO ] http-bio-9443-exec-3         47724A20A3AF5A982FCD63C3FA9D1941 org.springframework.flex.servlet.MessageBrokerHandlerAdapter      Channel endpoint secure-amf received request.

      [2013-06-17 21:37:30.943] INFO  [INFO ] http-bio-9443-exec-3         47724A20A3AF5A982FCD63C3FA9D1941 org.springframework.flex.servlet.MessageBrokerHandlerAdapter      Channel endpoint secure-amf received request.

      [2013-06-17 21:37:30.944] INFO  [INFO ] http-bio-9443-exec-3         47724A20A3AF5A982FCD63C3FA9D1941 c.vmware.vsphere.client.usersession.impl.UserSessionServiceImpl   getUserSession called on an inactive session.

      [2013-06-17 21:37:31.856] INFO  [INFO ] http-bio-9443-exec-3         47724A20A3AF5A982FCD63C3FA9D1941 org.springframework.flex.servlet.MessageBrokerHandlerAdapter      Channel endpoint secure-amf received request.

      [2013-06-17 21:37:31.914] INFO  [INFO ] http-bio-9443-exec-3          org.springframework.flex.servlet.MessageBrokerHandlerAdapter      Channel endpoint secure-amf received request.

      [2013-06-17 21:37:31.945] INFO  [INFO ] http-bio-9443-exec-3          org.springframework.flex.servlet.MessageBrokerHandlerAdapter      Channel endpoint secure-amf received request.

      [2013-06-17 21:37:31.966] INFO  [INFO ] data-service-pool-1           com.vmware.vsphere.client.security.VcDirectory                    Reading VcDirectory file on the disk.

      [2013-06-17 21:37:31.966] INFO  [INFO ] data-service-pool-1           com.vmware.vsphere.client.security.VcDirectory                    VcDirectory file not found.

      [2013-06-17 21:37:31.966] INFO  [INFO ] data-service-pool-1           com.vmware.vsphere.client.security.VcDirectory                    No data in VcDirectory file.

      [2013-06-17 21:37:31.966] INFO  [INFO ] data-service-pool-1           com.vmware.vsphere.client.security.VcDirectory                    No vc's found in the directory.

      [2013-06-17 21:37:31.973] WARN  [WARN ] http-bio-9443-exec-3          com.vmware.vise.data.query.impl.ResultDirectory                   Type cannot be resolved for ManagedObjectReference: type = VcDirectory, value = VcDirectory, serverGuid = VcDirectory

      [2013-06-17 21:37:42.820] INFO  [INFO ] http-bio-9443-exec-3         47724A20A3AF5A982FCD63C3FA9D1941 com.vmware.vise.util.i18n.I18nFilter                              The preferred locale for session 47724A20A3AF5A982FCD63C3FA9D1941 is set to: de_DE

      [2013-06-17 21:37:42.826] INFO  [INFO ] http-bio-9443-exec-3         47724A20A3AF5A982FCD63C3FA9D1941 com.vmware.vise.security.DefaultAuthenticationProvider            Authenticating user: root using authentication handler: $Proxy348

      [2013-06-17 21:37:42.828] INFO  [INFO ] http-bio-9443-exec-3         47724A20A3AF5A982FCD63C3FA9D1941 com.vmware.vise.vim.security.sso.impl.SsoUtilInternal             Preparing the STS configuration for https://10.0.100.90:7444/ims/STSService

      [2013-06-17 21:37:42.828] INFO  [INFO ] http-bio-9443-exec-3         47724A20A3AF5A982FCD63C3FA9D1941 com.vmware.vise.vim.security.sso.impl.SsoUtilInternal             Requesting all STS trusted root certificates from https://10.0.100.90:7444/sso-adminserver/sdk

      [2013-06-17 21:37:42.848] ERROR [ERROR] http-bio-9443-exec-3         47724A20A3AF5A982FCD63C3FA9D1941 com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler   CertificateValidationException when connecting to the SSO server. com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain not verified

        at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:217)

        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:339)

        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:123)

        at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:147)

        at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:108)

        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:415)

        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:641)

        at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:576)

        at com.vmware.vim.vmomi.client.http.impl.HttpExchange.run(HttpExchange.java:111)

        at com.vmware.vim.vmomi.client.http.impl.HttpProtocolBindingImpl.send(HttpProtocolBindingImpl.java:98)

        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.sendCall(MethodInvocationHandlerImpl.java:526)

        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl$CallExecutor.executeCall(MethodInvocationHandlerImpl.java:507)

        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.completeCall(MethodInvocationHandlerImpl.java:295)

        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invokeOperation(MethodInvocationHandlerImpl.java:265)

        at com.vmware.vim.vmomi.client.common.impl.MethodInvocationHandlerImpl.invoke(MethodInvocationHandlerImpl.java:169)

        at $Proxy176.retrieveServiceContent(Unknown Source)

        at com.vmware.vise.vim.security.sso.impl.SsoUtilInternal.getSsoAdminServiceContent(SsoUtilInternal.java:201)

        at com.vmware.vise.vim.security.sso.impl.SsoUtilInternal.getStsRootCertificates(SsoUtilInternal.java:224)

        at com.vmware.vise.vim.security.sso.impl.SsoUtilInternal.createStsConfiguration(SsoUtilInternal.java:340)

        at com.vmware.vise.vim.security.sso.impl.SsoServiceImpl.getStsConfig(SsoServiceImpl.java:135)

        at com.vmware.vise.vim.security.sso.impl.SsoServiceImpl.createStsObjectPool(SsoServiceImpl.java:163)

        at com.vmware.vise.vim.security.sso.impl.SsoServiceImpl.getSts(SsoServiceImpl.java:102)

        at com.vmware.vise.vim.security.sso.impl.SsoServiceImpl.acquireToken(SsoServiceImpl.java:181)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

        at java.lang.reflect.Method.invoke(Unknown Source)

        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)

        at org.springframework.osgi.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:58)

        at org.springframework.osgi.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:62)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

        at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)

        at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

        at org.springframework.osgi.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:59)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

        at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)

        at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)

        at $Proxy193.acquireToken(Unknown Source)

        at com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler.authenticate(SsoAuthenticationHandler.java:98)

        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

        at java.lang.reflect.Method.invoke(Unknown Source)

        at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:309)

        at org.springframework.osgi.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:58)

        at org.springframework.osgi.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:62)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

        at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)

        at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

        at org.springframework.osgi.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:59)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

        at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)

        at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)

        at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

        at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)

        at $Proxy348.authenticate(Unknown Source)

        at com.vmware.vise.security.DefaultAuthenticationProvider.authenticate(DefaultAuthenticationProvider.java:146)

        at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:130)

        at org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:48)

        at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:97)

        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)

        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)

        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)

        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)

        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169)

        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)

        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

        at com.vmware.vise.security.FlexLoginFilter.doFilterInternal(FlexLoginFilter.java:45)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

        at com.vmware.vise.util.i18n.I18nFilter.doFilterInternal(I18nFilter.java:43)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

        at com.vmware.vise.security.SessionManagementFilter.doFilterInternal(SessionManagementFilter.java:30)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

        at com.vmware.vsphere.client.logging.MDCLogFilter.doFilterInternal(MDCLogFilter.java:43)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)

        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)

        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)

        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)

        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)

        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)

        at org.eclipse.virgo.web.tomcat.support.ApplicationNameTrackingValve.invoke(ApplicationNameTrackingValve.java:33)

        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)

        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)

        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)

        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)

        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)

        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)

        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

        at java.lang.Thread.run(Unknown Source)

      Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

        at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)

        at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:206)

        ... 109 common frames omitted

       

      I also found the directory described in the KB for Windows (/storage/db/vsphere-client, file MNNextVcDirectory) but removing the file didn't help.

       

      Any ideas to fix this problem? I have not updated the server nor changed the configuration. Just rebooted...

       

      Thanks

      Bernd
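
A triage sketch for the log format shown in the post above, added here as an example (it is not part of the original post and not VMware code). It ties each `CertificateValidationException` ERROR entry to the last SSO URL that the same session logged through `SsoUtilInternal` and to the innermost `Caused by:` line; the function name `triage` and the regular expressions are assumptions, and the sample is trimmed from the excerpt in the post.

```python
import re

# Layout assumed from the excerpt: [timestamp] LEVEL [LEVEL] thread [session-id] logger message
LINE = re.compile(
    r"^\[(?P<ts>[\d\- :.]+)\]\s+(?P<level>\w+)\s+\[\w+\s*\]\s+(?P<thread>\S+)\s+"
    r"(?:(?P<session>[0-9A-F]{32})\s+)?(?P<logger>[\w.$]+)\s+(?P<msg>.*)$"
)
URL = re.compile(r"https://\S+")
CAUSE = re.compile(r"^\s*Caused by:\s*(?P<exc>[\w.$]+)(?::\s*(?P<detail>.*))?$")


def triage(log_text):
    """Return one finding per CertificateValidationException ERROR entry."""
    last_url = {}    # session id (or thread name) -> last SSO URL that session logged
    findings = []
    current = None   # finding whose stack trace is currently being read
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            current = None  # a new log record ends the previous stack trace
            key = m["session"] or m["thread"]
            url = URL.search(m["msg"])
            if url and "SsoUtilInternal" in m["logger"]:
                last_url[key] = url.group(0)
            if m["level"] == "ERROR" and "CertificateValidationException" in m["msg"]:
                current = {"time": m["ts"], "session": m["session"],
                           "endpoint": last_url.get(key), "root_cause": None}
                findings.append(current)
            continue
        c = CAUSE.match(raw)
        if c and current is not None:
            # The last "Caused by:" in a trace is the innermost cause.
            current["root_cause"] = f'{c["exc"]}: {c["detail"] or ""}'.rstrip(": ")
    return findings


# Sample trimmed from the log excerpt in the post (stack frames reduced to two).
SAMPLE = """\
[2013-06-17 21:37:42.828] INFO  [INFO ] http-bio-9443-exec-3         47724A20A3AF5A982FCD63C3FA9D1941 com.vmware.vise.vim.security.sso.impl.SsoUtilInternal             Preparing the STS configuration for https://10.0.100.90:7444/ims/STSService
[2013-06-17 21:37:42.828] INFO  [INFO ] http-bio-9443-exec-3         47724A20A3AF5A982FCD63C3FA9D1941 com.vmware.vise.vim.security.sso.impl.SsoUtilInternal             Requesting all STS trusted root certificates from https://10.0.100.90:7444/sso-adminserver/sdk
[2013-06-17 21:37:42.848] ERROR [ERROR] http-bio-9443-exec-3         47724A20A3AF5A982FCD63C3FA9D1941 com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler   CertificateValidationException when connecting to the SSO server. com.vmware.vim.vmomi.core.exception.CertificateValidationException: Server certificate chain not verified
  at com.vmware.vim.vmomi.client.http.impl.ThumbprintTrustManager$HostnameVerifier.verify(ThumbprintTrustManager.java:217)
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
  at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The finding names the admin endpoint whose TLS peer could not be authenticated, which is where the served certificate should be inspected.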