Upgrading to vCenter Server 5.1 fails with the error: Certificate already expired (2035413)

Symptoms

  • Installing vCenter Single Sign On fails
  • Cannot upgrade to vCenter Server 5.1
  • vCenter Server 5.1 Installer fails
  • Upgrading vCenter Server 5.1 fails while installing the Inventory service
  • vCenter Server installer reports the error:

    Error 29113. Wrong input - either a command line argument is wrong, a file cannot be found or the spec file doesn't contain the required information, or the clocks on the two systems are not synchronized. Check vm_ssoreg.log in system temporary folder for details.

  • In the vm_ssoreg.log file, located in the %TEMP% directory, you see the error:

    java.lang.IllegalArgumentException: Invalid solution certificate. Certificate already expired.

Cause

The issue occurs if the vCenter Server certificate has expired.

To verify whether the certificate has expired, check the certificate file specified in the vcsso.properties file.

Note: The vcsso.properties file is located at C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool\.

Resolution

This issue is resolved in VMware vCenter Server 5.1.0a, released on October 25, 2012. For more information, see the VMware vCenter Server 5.1.0a Release Notes.
 
To download vCenter Server 5.1.0a, see the VMware Download Center.

If you are not able to upgrade, regenerate the expired certificates and then upgrade to vCenter Server 5.1.
 
To regenerate the expired certificates and then upgrade to vCenter Server 5.1: 

Note: If the upgrade previously succeeded but the VirtualCenter Server service now fails to start, see vCenter Server Services hang on startup after upgrading to vCenter Server 5.1 (2035623) to recover from this situation.

  1. Open the vcsso.properties file using a text editor.
  2. Find the location of rui.crt certificate file, which is specified under the [solutionUsers] section of the vcsso.properties file.

    Note: In some cases, the vcsso.properties file may have been removed after a failed installation. If the vcsso.properties file has been removed, the default location of the rui.crt file is C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\.

  3. After determining the location of the rui.crt file, run this command to see the expiration date and the key size (in bits) used:

    $ openssl x509 -in rui.crt -noout -text

    Note: For an expired certificate, the output is similar to:

    ..
    Validity
    Not Before: Jul 28 11:03:38 2008 GMT
    Not After : Jul 28 11:03:38 2010 GMT
    ..

  4. If the certificate has expired, update the certificates before upgrading to vCenter Server 5.1. To update certificates on vSphere 5.0 and vSphere 4.1, see the steps outlined in Installing the intermediate certificate chain for vCenter Server 5.0 (2030422).
  5. Once the new certificates have been regenerated, retry the vCenter Server 5.1 upgrade.
  6. After the upgrade completes, reconnect all hosts.
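
Added example (not part of the original VMware article): a pre-upgrade check that reads the text printed by the openssl command in step 3 and classifies the certificate, so an expired or soon-to-expire rui.crt is caught before the installer fails. The function names, the 30-day warning window, and the sample text (built from the dates shown above, with an assumed 1024-bit key) are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta, timezone

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Constructed sample of `openssl x509 -in rui.crt -noout -text` output.
# Validity dates are the ones shown in this article; the key size is assumed.
SAMPLE_TEXT = """\
Certificate:
    Data:
        Validity
            Not Before: Jul 28 11:03:38 2008 GMT
            Not After : Jul 28 11:03:38 2010 GMT
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""

def parse_openssl_date(value):
    """Parse an openssl date such as 'Jul  8 11:03:38 2010 GMT' as UTC."""
    mon, day, clock, year, _tz = value.split()  # split() absorbs padded days
    h, m, s = (int(p) for p in clock.split(":"))
    return datetime(int(year), MONTHS[mon], int(day), h, m, s, tzinfo=timezone.utc)

def parse_cert_text(text):
    """Return (not_before, not_after, key_bits) from openssl text output."""
    nb = re.search(r"Not Before\s*:\s*(.+)", text)
    na = re.search(r"Not After\s*:\s*(.+)", text)
    if not (nb and na):
        raise ValueError("no Validity block found in openssl output")
    # Older openssl builds print "RSA Public Key:", newer ones "Public-Key:".
    bits = re.search(r"Public[- ]Key:\s*\((\d+) bit\)", text)
    return (parse_openssl_date(nb.group(1)), parse_openssl_date(na.group(1)),
            int(bits.group(1)) if bits else None)

def cert_status(text, now=None, warn_days=30):
    """Classify the certificate before the upgrade is attempted."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after, _bits = parse_cert_text(text)
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    if not_after - now <= timedelta(days=warn_days):
        return "expiring-soon"
    return "valid"

if __name__ == "__main__":
    print(cert_status(SAMPLE_TEXT), parse_cert_text(SAMPLE_TEXT)[2])
```

To check a real certificate, pass the captured output of the command from step 3 to cert_status() in place of SAMPLE_TEXT.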

Update History

11/13/2012 - Added resolved with link to download center
