Dell Unity: Unable to renew/remove VASA certificate due to Certificate Chain too long (User Correctable)
Summary: There are many reasons for not being able to renew/remove a VASA certificate. This article covers only the attempt to renew/remove when the Certificate Validation fails due to "Certificate Chain too long". ...
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
When attempting to renew the VASA Certificate from vSphere, error occurs:
Issue fails to resolve using KB:
When attempting to remove Certificate from Unity using UEMCLI, either:
"The provider certificate is invalid. It is either empty, malformed, or expired, not yet valid, revoked, or fails host name verification."
Issue fails to resolve using KB:
- KB article 49556: Dell EMC Unity: Unable to use Unity as VASA storage provider due to certificate error (User Correctable)
- KB article 22509: Dell EMC Unity: How to manually renew a Unity Management SSL certificate. (User corretable.
- KB article 37959: Dell EMC Unity: VASA certificate expired (User Correctable)
When attempting to remove Certificate from Unity using UEMCLI, either:
- Output is successful but the Certificate remains in System.
- Output fails with error: "The certificate does not exist. (Error Code:0x6000940)"
service@spb~# uemcli -no -u admin -p /sys/cert -id vasa_http-vc1-servercert-1 delete Operation completed successfully. service@spb~# uemcli -no -u admin -p /sys/cert show 1: ID = vasa_http-vc1-cacert-1 Type = CA Service = VASA_HTTP Certificate ID = vasa_http-vc1-cacert-1 service@spb~# uemcli -no -u admin -p /sys/cert -id vasa_http-vc1-servercert-1 delete Operation failed. Error code: 0x6000940 The certificate does not exist. (Error Code:0x6000940) service@spb~# uemcli -no -u admin -p /sys/cert show 1: ID = vasa_http-vc1-cacert-1 Type = CA Service = VASA_HTTP Certificate ID = vasa_http-vc1-cacert-1
Cause
For this particular issue, it was found that the certificate chain was too long. The maximum stipulated SSL Verification Depth in the Unity OE 5.0.6 and earlier versions is 1, and this particular certificate had a Depth of 3.
Resolution
This issue will be addressed in an upcoming Unity OE release.
For more details about Unity OE releases, refer to KB article 20641: Dell EMC Unity OE Revision Matrix (User Correctable)
There is a Workaround in place which consists in:
For more details about Unity OE releases, refer to KB article 20641: Dell EMC Unity OE Revision Matrix (User Correctable)
There is a Workaround in place which consists in:
- Technical Support changing the SSL Verify Depth value.
- Technical Support deleting all certificates listed in Array
- Technical Support restarting Management Services (this will not disrupt Production)
- Unity Administrator adding Unity as VASA storage provider on vSphere.
Affected Products
Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600Products
Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity XT 480, Dell EMC Unity XT 480F, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F
, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Family, Dell EMC Unity Hybrid
...
Article Properties
Article Number: 000185269
Article Type: Solution
Last Modified: 20 Oct 2025
Version: 5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.