VMware Cloud Community
wangtao2134
Contributor
Contributor
‎10-16-2019 07:36 PM

"Certificate chain is not valid" Deployment vRA 7.6 by VCF3.8.1 Error

My demon is VCF3.8.1 +VxRail 4.7.300,  in SDDC Manager, Configure Certificate Authority is ok.

when i deployed the vRA by sddc manager, touch the issue. below is log infomation:

Failure: Command execution result: Command id: e88d7081-7b2c-332d-42a0-178ebabc37ae Type: vra-certificate-import Node id: cafe.node.583296594.17063 Node host: vra03.dellbjebc.com Result: Failed to import vRA certificate. Check /var/log/messages for more details. Result description: Status: FAILED Error: {"35000":"---BEGIN---\n{\"code\":400,\"message\":\"Certificate chain is not valid.\"}\n---END---\n\nUse -e option to get more details.\n"}

com.vmware.vrealize.lcm.common.exception.EngineException: Failure: Command execution result:

Command id: e88d7081-7b2c-332d-42a0-178ebabc37ae

   Type: vra-certificate-import

   Node id: cafe.node.583296594.17063

   Node host: vra03.dellbjebc.com

   Result: Failed to import vRA certificate. Check /var/log/messages for more details.

   Result description:

   Status: FAILED

  Error: {"35000":"---BEGIN---\n{\"code\":400,\"message\":\"Certificate chain is not valid.\"}\n---END---\n\nUse -e option to get more details.\n"}

at com.vmware.vrealize.lcm.plugin.core.vra70.task.cafe.ImportCafeCertificateTask.execute(ImportCafeCertificateTask.java:78)

at com.vmware.vrealize.lcm.platform.automata.core.ExecutionTask.run(ExecutionTask.java:41)

at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)

at java.lang.Thread.run(Thread.java:748)

Failure: Command execution result: Command id: e88d7081-7b2c-332d-42a0-178ebabc37ae Type: vra-certificate-import Node id: cafe.node.583296594.17063 Node host: vra03.dellbjebc.com Result: Failed to import vRA certificate. Check /var/log/messages for more details. Result description: Status: FAILED Error: {"35000":"---BEGIN---\n{\"code\":400,\"message\":\"Certificate chain is not valid.\"}\n---END---\n\nUse -e option to get more details.\n"}

com.vmware.vrealize.lcm.common.exception.EngineException: Failure: Command execution result:

Command id: e88d7081-7b2c-332d-42a0-178ebabc37ae

   Type: vra-certificate-import

   Node id: cafe.node.583296594.17063

   Node host: vra03.dellbjebc.com

   Result: Failed to import vRA certificate. Check /var/log/messages for more details.

   Result description:

   Status: FAILED

   Error: {"35000":"---BEGIN---\n{\"code\":400,\"message\":\"Certificate chain is not valid.\"}\n---END---\n\nUse -e option to get more details.\n"}

com.vmware.vrealize.lcm.common.exception.EngineException: Failure: Command execution result:

Command id: 11a66a83-dd5a-4fe6-8a02-22cbda182d1b

Tags (1)
0 Kudos
1 Reply
Gleed
VMware Employee
VMware Employee
‎11-11-2019 01:12 PM

Hi,

I'm not sure if this will help you, but a quick bit of research on the topic "certificate chan is not valid" did turn up a couple of similar issues that seemed to be related to the order that the certificates were listed in the certificate request.

From the docs: (Replace Certificates in the vRealize Automation Appliance)

Note:If you use certificate chains, specify the certificates in the following order:

  1. Client/server certificate signed by the intermediate CA certificate
  2. One or more intermediate certificates
  3. A root CA certificate
0 Kudos