Hello everyone,
Actually, my VCSA is on 6.7 and our 3 ESXi on 6.7 update 3. I add a new licence and i want to add a fourth ESXi (same model and version like 3 others ESXi) on my cluster but i have this error message :
Unable to push CA certificates and CRLs to host esx04
Someone know what is the problem and how i can solve it ?
Thanks for your help.
I found this in the release notes of 6.7 update 3:
Server Configuration Issues
X509v3 Basic Constraints: CA: TRUE
. If a certificate without this bit set is passed to the trust store, for example, a self-signed certificate, the certificate is rejected. As a result, you might fail to add an ESXi host to the vCenter Server system.This issue is resolved in this release. The fix adds the advanced option Config.HostAgent.ssl.keyStore.allowSelfSigned
. If you already face the issue, set this option to TRUE
to add a self-signed server certificate to the ESXi trust store.https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3-release-notes.html
Or take a look at this thread:
https://communities.vmware.com/thread/619169
I found this in the release notes of 6.7 update 3:
Server Configuration Issues
X509v3 Basic Constraints: CA: TRUE
. If a certificate without this bit set is passed to the trust store, for example, a self-signed certificate, the certificate is rejected. As a result, you might fail to add an ESXi host to the vCenter Server system.This issue is resolved in this release. The fix adds the advanced option Config.HostAgent.ssl.keyStore.allowSelfSigned
. If you already face the issue, set this option to TRUE
to add a self-signed server certificate to the ESXi trust store.https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3-release-notes.html
Or take a look at this thread:
https://communities.vmware.com/thread/619169