Symptoms
Replacing the Machine SSL certificate with a custom certificate fails on vCenter Server 6.x with the error message lstool get-site-id failed.
The Certificate Manager log shows messages similar to the following:
2016-04-11T17:05:12.2Z ERROR certificate-manager Error while replacing Machine SSL Cert, please see /var/log/vmware/vmcad/certificate-manager.log for more information.
2016-04-11T17:05:12.3Z ERROR certificate-manager 'lstool get-site-id' failed: 1
2016-04-11T17:05:12.3Z INFO certificate-manager Performing rollback of Machine SSL Cert...
Log location:
VCSA - /var/log/vmware/vmcad/certificate-manager.log
Windows vCenter Server - %ProgramData%\VMware\vCenterServer\logs\vmca\certificate-manager.log
Cause
This issue can occur when replacing the Machine SSL certificate of vCenter Server 6.x with a custom certificate that uses the unsupported signature algorithm RSASSA-PSS.
Resolution
To resolve the issue, follow the steps below:
Regenerate the certificate with a supported signature algorithm (e.g. SHA256) and proceed with the certificate replacement.
Refer to the article Replacing a vSphere 6.x Machine SSL certificate with a Custom Certificate Authority Signed Certificate to replace the Machine SSL certificate.
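A pre-check for the condition described under Cause, as an added example that is not VMware code: it reads the signatureAlgorithm OID from a PEM certificate using only the Python standard library and reports whether it is RSASSA-PSS. The function names are hypothetical, and the sample input is a constructed DER skeleton, not a real certificate.

```python
import base64, re

RSASSA_PSS = "1.2.840.113549.1.1.10"   # id-RSASSA-PSS, the algorithm named under Cause

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                   # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    arcs, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:                   # base-128 arcs, high bit marks continuation
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_oid(pem_text):
    """OID of the certificate's outer signatureAlgorithm field."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    der = base64.b64decode("".join(m.group(1).split()))
    tag, cert, _ = read_tlv(der, 0)     # Certificate ::= SEQUENCE
    _, _, pos = read_tlv(cert, 0)       # skip tbsCertificate
    alg_tag, alg, _ = read_tlv(cert, pos)
    oid_tag, oid, _ = read_tlv(alg, 0)
    if (tag, alg_tag, oid_tag) != (0x30, 0x30, 0x06):
        raise ValueError("not an X.509 certificate structure")
    return decode_oid(oid)

def uses_rsassa_pss(pem_text):
    return signature_oid(pem_text) == RSASSA_PSS

def _tlv(tag, body):                    # helper for the constructed sample (bodies < 256 bytes)
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + body

def constructed_sample(oid_hex):
    """Constructed skeleton holding only the fields read above; not a real certificate."""
    alg = _tlv(0x30, _tlv(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    der = _tlv(0x30, _tlv(0x30, b"\x00" * 200) + alg + _tlv(0x03, b"\x00" * 9))
    return ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode()
            + "-----END CERTIFICATE-----\n")
```

Pass the text of the certificate file to uses_rsassa_pss before starting the replacement; a True result means the certificate needs to be regenerated first.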
Related Information
Refer to the VMware documentation topic Certificate Requirements for Different Solution Paths for more information on unsupported signature algorithms.