Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
vCenter Migration from 5.5 to 6.x using Migration assistant fails with: Error: vCenter CA certificate not verified. Stopping. In the migration-assistant.log file, you see entries similar to, 2016-11-08 15:31:13.236Z| migration-assistant-4191364| I: IsAddrCompatibleWithCertDnsName: Address 'vcenter.domain.com' is not compatible with DNS name 'vcenter'. 2016-11-08 15:31:13.236Z| migration-assistant-4191364| I: IsAddrCompatibleWithCertDnsName: Address 'vcenter.domain.com' is compatible with DNS name 'vcenter.domain.com'. 2016-11-08 15:31:13.236Z| migration-assistant-4191364| E: ParsePreUpgradeOutput: Error: Failed to discover a system name that is compatible with both your VMware vCenter Server certificate and your VMware Single Sign-On certificate thatcan be used to migrate to a VMware vCenter Server Appliance with an embedded Platform Services Controller. 2016-11-08 15:31:13.236Z| migration-assistant-4191364| I: ParsePreUpgradeOutput: Resolution: Regenerate your VMware vCenter Server SSL certificate and your VMware Single Sign-On SSL certificate to have a common system name that can be used to migrate your system to VMware vCenter Server Appliance with Platform Services Controller. DHCP IP Address cannot be used as a system name to migrate to a VMware vCenter Server Appliance. 2016-11-08 15:31:13.279Z| migration-assistant-4191364| I: ParseErrorsWarningsFromPreUpgradeOutput: Parsed 1 error messages. 2016-11-08 15:31:13.279Z| migration-assistant-4191364| I: ParseErrorsWarningsFromPreUpgradeOutput: Error messages: Error: vCenter CA cerfificate not verified. Stopping. Resolution: Please use the vCenter Upgrade Logs to get more details of this error. 2016-11-08 15:31:13.279Z| migration-assistant-4191364| I: ParseErrorsWarningsFromPreUpgradeOutput: Parsed 1 warning messages. 2016-11-08 15:31:13.279Z| migration-assistant-4191364| I: ParseErrorsWarningsFromPreUpgradeOutput: Warning messages: Warning: This vCenter Server has extensions registered that cannot be upgraded to or may not work with the new vCenter Server. Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.
This issue occurs if vCenter certificate cacert.pem is not located in C:\ProgramData\VMware\VMware VirtualCenter\SSL.
Resolution of the issue "Error: vCenter CA certificate not verified. Stopping": To resolve the issue "Error: vCenter CA certificate not verified. Stopping" follow the steps below: Create a new cacert.pem file signed by the Custom CA CertificateCreate a new cacert.pem file signed by the VMCA Step 1: Create a new cacert.pem file signed by the Custom CA Certificate: Create a new cacert.pem with vCenter certificate and root certificate (if intermediate is present, add the intermediate as well)Save the above file as cacert.pem under C:\ProgramData\VMware\VMware VirtualCenter\SSL.Re-run the migration tool again. Step 2: Create a new cacert.pem file signed by the VMCA Create the cfg file using below template [ req ]distinguished_name = req_distinguished_nameencrypt_key = noprompt = nostring_mask = nombstrreq_extensions = v3_req[ v3_req ]basicConstraints = CA:falsekeyUsage = nonRepudiation, digitalSignature, keyEnciphermentsubjectAltName = DNS:vc.local, DNS:vc[ req_distinguished_name ]countryName = USstateOrProvinceName = StatelocalityName = City0.organizationName = CompanyorganizationalUnitName = ITcommonName = vc.localNote: Change DNS, CommonName, Sate,City,Company,OrganizationUnitName, where ever required. Create the csr and key file using the below command: Note: Openssl.exe file is available in this location in vCenter Server 5.5: C:\Program Files\VMware\Infrastructure\Inventory Service\bin openssl.exe req -new -nodes -out "C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.csr" -newkey rsa:2048 -keyout "C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.key" -config "C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.cfg" Create the certificate using below command, openssl.exe x509 -req -days 3650 -in "C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.csr" -out "C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.crt" -CA "C:\ProgramData\VMware\CIS\data\vmca\root.cer" -CAkey "C:\ProgramData\VMware\CIS\data\vmca\privatekey.pem" -extensions v3_req -CAcreateserial -extfile "C:\ProgramData\VMware\VMware VirtualCenter\SSL\rui.cfg" Run the command: vpxd -p Go to location C:\ProgramData\VMware\CIS\data\vmca.Copy privatekey.pem and root.cer files and paste into the location C:\ProgramData\VMware\VMware VirtualCenter\SSL\. Rename the root.cer file to cacert.pemReload the certificate from the mob page, navigate to below url http://localhost/mob/?moid=vpxd-securitymanager&vmodl=1https:///mob/?moid=vpxd-securitymanager&vmodl=1 Enter a vCenter Server administrator or administrator@vsphere.local username and password when prompted.Click reloadSslCertificate.Click Invoke Method. If successful, the window shows this message: Method Invocation Result: void.Change to the vCenter Server directory. By default, this is C:\Program Files\VMware\Infrastructure\VirtualCenter Server\.Restart the VMware VirtualCenter Server service from the service control manager (services.msc).Restart the VMware vSphere Profile Driven Storage Service. Ensure if the VMware VirtualCenter Management Webservices service is started.
Configuring CA signed certificates for vCenter Server 5.5“Failed to verify the SSL certificate" after upgrading to vCenter Server 5.5 U1 or later