Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Dell EMC VxRail: Unable to import vCenter root certificates due to empty or corrupted CRL files

Summary: Unable to import vCenter root certificates due to empty or corrupted CRL file.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content


When following Dell KB article 77894: VxRail: How to manually import vCenter SSL certificate on VxRail Manager  to manually import vCenter server certificate, it shows error when converting the .r files:
#openssl crl -outform der -in /tmp/certificates/certs/lin/e1f7261b.r1 -out newcrltfile1
unable to load CRL
OR script failed with error:
Failed to find a matching root CA Certificate/CRL set that could verify vCenter certificate
Failed to installed vCenter certificate with Chrome, error:
The Private Key for this Client Certificate is missing or invalid OR Invalid or corrupt file 


vCenter root Certificate CRL file is empty or corrupted.

How to check if this is the issue:
  1. Download and extract the latest vCenter root certificate (
  2. Check if any CRL file is empty or corrupted. (screenshot below)
crl error.png
  1. SSH to PSC and vCenter with root credential.
  2. Change to directory /etc/ssl/certs.
  3. Check if any .r file is 0 bytes or corrupted.


To resolve this issue:
  1. If any empty or corrupted CRL file is found on the PSC and or vCenter, take OFFLINE snapshots for PSC and vCenter before proceeding further.
  2. Follow instructions from VMware KB article 59555 to run script ( The script should be performed on both VCSA and PSC.
  3. On vCenter, go to folder /etc/vmware-vpx/docRoot/certs.
  4. If the empty (0 bytes) or corrupted CRL files still exist, DELETE the file from this directory.
  5. Reboot PSC and vCenter after
  6. Reimport vCenter root certificate to VxRail manager.

Additional Information

To bypass SSL Trust Validation Check, follow Dell KB 35766: VxRail: Validation fails with error message "Retrieved external vCenter Server certificate is invalid."

Article Properties

Affected Product

VxRail, VMware vCenter Server

Last Published Date

30 Apr 2022



Article Type