Upgrading to vCenter Server 5.1 fails with the error: Certificate already expired (2035413)
- Installing vCenter Single Sign On fails
- Cannot upgrade to vCenter Server 5.1
- vCenter Server 5.1 Installer fails
- Upgrading vCenter Server 5.1 fails while installing the Inventory service
- vCenter Server installer reports the error:
Error 29113. Wrong input - either a command line argument is wrong, a file cannot be found or the spec file doesn't contain the required information, or the clocks on the two systems are not synchronized. Check vm_ssoreg.log in system temporary folder for details.
- In the
vm_ssoreg.logfile, located in the
%TEMP%directory, you see the error:
java.lang.IllegalArgumentException: Invalid solution certificate. Certificate already expired.
This issue occurs if the vCenter Server certificate expires.
To verify if the certificate has expired, check the certificate file specified in
vcsso.properties file is located at
C:\Program Files\VMware\Infrastructure\VirtualCenter Server\ssoregtool\.
If you are unable to upgrade, regenerate the expired certificates and then upgrade to vCenter Server 5.1.
Note: If the upgrade previously succeeded however the VirtualCenter Server service now fails to start , see vCenter Server Services hang on startup after upgrading to vCenter Server 5.1 (2035623) to recover from this situation.
- Open the
vcsso.propertiesfile using a text editor.
- Find the location of
rui.crtcertificate file, which is specified under the
[solutionUsers]section of the
Note: In some cases, the
vcsso.propertiesfile may have been removed after a failed installation. If the
vcsso.propertiesfile is removed, the default location of the
C:\Documents and Settings\All Users\Application Data\VMware\VMware VirtualCenter\SSL\.
- After determining the location of the
rui.crtfile, run this command to see the expiration date and view the encryption bit used:
$ openssl x509 -in rui.crt -noout -text
Note: In case of an expired certificate, you see an output similar to:
Not Before: Jul 28 11:03:38 2008 GMT
Not After : Jul 28 11:03:38 2010 GMT
- If the certificate expires, update the certificates before upgrading to vCenter Server 5.1. To update certificates on vSphere 5.0 and vSphere 4.1, see the steps outlined inInstalling the intermediate certificate chain for vCenter Server 5.0 (2030422).
- Once the new certificates are regenerated, re-try the vCenter Server 5.1 upgrade.
- After the upgrade completes, reconnect all hosts.
- Troubleshooting VMware Single Sign-On configuration and installation issues in a Windows server (2033880)