Hello - looking for some advice on an vCenter upgrade I'm attempting from 6.7 U3 to 7.0 U3.
VC_UPC.VCSA.CertSANCheck: Certificate SAN DNS and FQDN Check
vCenter Server 7.0 requires Machine FQDN to be past of SubjectAltName of Certificate
KB Number: 2097936
Resolution:
Certificate Requirements: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-DE49FBF5-E2...
Please read KB: https://kb.vmware.com/s/article/2097936 for more details on replacing certificates.
Investigation Details:
Data Collection Time: 2023-01-12T19:50:13
Certificate: vCenter Rhttpproxy TLS Certificate has no DNS Name in SubjectAltName
Certificate Subject Alternative Names
Certificate FQDN SAN-DNS StatusvCenter Rhttpproxy TLS Certificate | (correct FQDN - redacted) | [] | RED |
One of more Certificates on vCenter have no or incorrect DNS in SubjectAltName
X509v3 Subject Alternative Name:
email:email@acme.com, IP Address:127.0.0.1
Have you run through the steps in the following KB to see if the pnid matches.... https://kb.vmware.com/s/article/50112870
Thanks - I ran each step in the KB and all three outputs were set to the FQDN of the VCSA.
I used to have an external PSC but that was consolidated to an embedded maybe a year ago - this is the first major upgrade since that was performed - could that have caused an issue?
The only reference to the old external PSC is on the 'issuer' section of the certs, everything else is set to the FQDN of the VCSA.