VMware Cloud Community
skoch
Enthusiast
Enthusiast
‎02-15-2016 03:49 PM
Jump to solution

vRA 7 certificate replacement error

Running into an issue when replacing certs on the IaaS web server. I replace the cert in the vRA Appliance and I get the error "Certificate with thumbprint {thumbprint} not found in store." I checked and the certificate was definitely added to the IaaS web server. I even changed the binding of IIS on that web server to use the new certificate and than ran the process in the vRA appliance again and I got the same message.

thumbprint_error.PNG

Tags (2)
1 Solution

Accepted Solutions
skoch
Enthusiast
Enthusiast
‎02-16-2016 05:37 PM
Jump to solution

I worked with support on this and they didn't even try to troubleshoot updating the cert through the VAMI. They had me manually do it using basically the same steps as 6.2 (although there is a new URL) - http://pubs.vmware.com/vra-70/index.jsp#com.vmware.vrealize.automation.doc/GUID-91B9E89E-206B-4B1C-9...

I know this doesn't actually solve the root cause of the problem but at least if you stumble onto this thread you'll know not to waste time trying to get it work through the VAMI.

Update 9/7/2016

The above vRA 7 link no longer works and I'm unable to find a replacement for vRA 7. However, the steps are the same as though documented for vRA 6 which can be found here: http://pubs.vmware.com/vra-62/index.jsp?topic=%2Fcom.vmware.vra.install.doc%2FGUID-91B9E89E-206B-4B1...

View solution in original post

5 Replies
skoch
Enthusiast
Enthusiast
‎02-16-2016 05:37 PM
Jump to solution

I worked with support on this and they didn't even try to troubleshoot updating the cert through the VAMI. They had me manually do it using basically the same steps as 6.2 (although there is a new URL) - http://pubs.vmware.com/vra-70/index.jsp#com.vmware.vrealize.automation.doc/GUID-91B9E89E-206B-4B1C-9...

I know this doesn't actually solve the root cause of the problem but at least if you stumble onto this thread you'll know not to waste time trying to get it work through the VAMI.

Update 9/7/2016

The above vRA 7 link no longer works and I'm unable to find a replacement for vRA 7. However, the steps are the same as though documented for vRA 6 which can be found here: http://pubs.vmware.com/vra-62/index.jsp?topic=%2Fcom.vmware.vra.install.doc%2FGUID-91B9E89E-206B-4B1...

Aronov
VMware Employee
VMware Employee
‎05-30-2016 05:00 AM
Jump to solution

Hi skoch,

The problem is with the certificate update process. An over validation happens, that checks if the cert is present in trusted people (which it shouldn't be if the cert is CA signed).

To work around the failure you need to manually deploy the new cert in the [Local computer].Trusted people store. Once the change procedure completes you can remove it from trusted people.

Also, since are providing just the thumbprint to VAMI, and not uploading the certificate you will need to make sure the cert (with the PK) is already deployed to the [Local Computer].Personal store on all Web servers.

lodoss900
Enthusiast
Enthusiast
‎06-09-2016 10:49 PM
Jump to solution

Thank you that did the trick

I copied the cert from the natural location local computer personal to Local Computer Trust People

Re imported and it worked as expected

A minor hiccup for such a great improvement on updating certs

Thank for the info

0 Kudos
skoch
Enthusiast
Enthusiast
‎09-07-2016 12:35 PM
Jump to solution

Hi Aronov,

Do you know if this has been corrected in 7.0.1 or 7.1? I don't see anything about it in the release notes and have another customer who appears to be having the same issue with 7.0.1.

Thanks!

0 Kudos
GrantOrchardVMw
Commander
Commander
‎09-12-2016 01:48 AM
Jump to solution

It was fixed in 7.1

Grant http://grantorchard.com
0 Kudos