Symptoms
When attempting to renew the VASA Certificate from vSphere, the following error occurs:
"The provider certificate is invalid. It is either empty, malformed, or expired, not yet valid, revoked, or fails host name verification."
The issue is not resolved by following these KB articles:
KB article 49556: Dell EMC Unity: Unable to use Unity as VASA storage provider due to certificate error (User Correctable)
KB article 22509: Dell EMC Unity: How to manually renew a Unity Management SSL certificate (User Correctable)
KB article 37959: Dell EMC Unity: VASA certificate expired (User Correctable)
When attempting to remove the Certificate from Unity using UEMCLI, either:
Output is successful but the Certificate remains in System.
Output fails with error: "The certificate does not exist. (Error Code:0x6000940)"
Example of both points:
service@spb~# uemcli -no -u admin -p /sys/cert -id vasa_http-vc1-servercert-1 delete
Operation completed successfully.
service@spb~# uemcli -no -u admin -p /sys/cert show
1: ID = vasa_http-vc1-cacert-1
Type = CA
Service = VASA_HTTP
Certificate ID = vasa_http-vc1-cacert-1
service@spb~# uemcli -no -u admin -p /sys/cert -id vasa_http-vc1-servercert-1 delete
Operation failed. Error code: 0x6000940
The certificate does not exist. (Error Code:0x6000940)
service@spb~# uemcli -no -u admin -p /sys/cert show
1: ID = vasa_http-vc1-cacert-1
Type = CA
Service = VASA_HTTP
Certificate ID = vasa_http-vc1-cacert-1
Cause
For this particular issue, it was found that the certificate chain was too long. The maximum stipulated SSL Verification Depth in the Unity OE 5.0.6 and earlier versions is 1, and this particular certificate had a Depth of 3.
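The rejection described under Cause can be reproduced offline with OpenSSL. This is an added example, not Dell's code or the Unity implementation: it builds a constructed chain with two intermediate CAs and verifies it with OpenSSL's -verify_depth option, on the assumption that Unity's SSL Verification Depth setting behaves comparably (the page does not state how Unity counts depth). The function names and lab.cnf are hypothetical.

```shell
#!/bin/sh
# Constructed lab PKI (all names made up): Lab Root -> int1 -> int2 -> leaf.
# OpenSSL 1.1.0+ semantics: -verify_depth N allows at most N intermediate CAs;
# the leaf and the trust anchor do not count against the limit.

build_chain() {   # $1 = empty working directory
    d=$1
    # Minimal config so the result does not depend on the system openssl.cnf
    printf '[req]\ndistinguished_name=dn\n[dn]\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/lab.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$d/lab.cnf" \
        -extensions v3_ca -subj "/CN=Lab Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    issuer=root
    for name in int1 int2 leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/lab.cnf" \
            -subj "/CN=Lab $name" -keyout "$d/$name.key" -out "$d/$name.csr" \
            2>/dev/null || return 1
        # Intermediates must be CA certificates; the leaf gets no extensions
        ext=""
        [ "$name" = leaf ] || ext="-extfile $d/lab.cnf -extensions v3_ca"
        openssl x509 -req -in "$d/$name.csr" -days 2 -CA "$d/$issuer.pem" \
            -CAkey "$d/$issuer.key" -CAcreateserial $ext \
            -out "$d/$name.pem" 2>/dev/null || return 1
        issuer=$name
    done
    cat "$d/int1.pem" "$d/int2.pem" > "$d/intermediates.pem"
}

verify_at_depth() {   # $1 = directory from build_chain, $2 = depth limit
    openssl verify -verify_depth "$2" -CAfile "$1/root.pem" \
        -untrusted "$1/intermediates.pem" "$1/leaf.pem" >/dev/null 2>&1
}

count_intermediates() {   # CA certificates between the leaf and the root
    grep -c 'BEGIN CERTIFICATE' "$1/intermediates.pem"
}

# Demo: the same chain checked against a limit of 1 and a limit of 2
work=$(mktemp -d) && build_chain "$work" || exit 1
for depth in 1 2; do
    if verify_at_depth "$work" "$depth"; then r=accepted; else r=rejected; fi
    echo "verify_depth=$depth intermediates=$(count_intermediates "$work") -> $r"
done
rm -rf "$work"
```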
Resolution
This issue will be addressed in an upcoming Unity OE release. For more details about Unity OE releases, refer to KB article 20641: Dell EMC Unity OE Revision Matrix (User Correctable).
A workaround is available, which consists of:
Technical Support changing the SSL Verify Depth value.
Technical Support deleting all certificates listed in the Array.
Technical Support restarting Management Services (this will not disrupt Production).
Unity Administrator adding Unity as VASA storage provider on vSphere.
To have this Workaround implemented on your Unity Array, contact Support and quote Article Number 185269.