Skip to main content
Sign Out
Welcome to Dell
My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us
Your Dell.com Carts
Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000194669

Dell EMC VxRail: Unable to import vCenter root certificates due to empty or corrupted CRL files

Summary: Unable to import vCenter root certificates due to empty or corrupted CRL file.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms

When following Dell KB article 77894: VxRail: How to manually import vCenter SSL certificate on VxRail Manager  to manually import vCenter server certificate, it shows error when converting the .r files: 
#openssl crl -outform der -in /tmp/certificates/certs/lin/e1f7261b.r1 -out newcrltfile1
unable to load CRL
OR  
#cert_util_init.py script failed with error:
Failed to find a matching root CA Certificate/CRL set that could verify vCenter certificate
OR
Failed to installed vCenter certificate with Chrome, error:
The Private Key for this Client Certificate is missing or invalid OR Invalid or corrupt file 

Cause

vCenter root Certificate CRL file is empty or corrupted.

How to check if this is the issue:
  1. Download and extract the latest vCenter root certificate (https://kb.vmware.com/s/article/2108294).
  2. Check if any CRL file is empty or corrupted. (screenshot below)
crl error.png
Or 
  1. SSH to PSC and vCenter with root credential.
  2. Change to directory /etc/ssl/certs.
  3. Check if any .r file is 0 bytes or corrupted.

Resolution

To resolve this issue:
  1. If any empty or corrupted CRL file is found on the PSC and or vCenter, take OFFLINE snapshots for PSC and vCenter before proceeding further.
  2. Follow instructions from VMware KB article 59555 to run fix_crl.sh script (https://kb.vmware.com/s/article/59555). The script should be performed on both VCSA and PSC.
  3. On vCenter, go to folder /etc/vmware-vpx/docRoot/certs.
  4. If the empty (0 bytes) or corrupted CRL files still exist, DELETE the file from this directory.
  5. Reboot PSC and vCenter after fix_crl.sh.
  6. Reimport vCenter root certificate to VxRail manager.

Additional Information

Note:  
To bypass SSL Trust Validation Check, follow Dell KB 35766: VxRail: Validation fails with error message "Retrieved external vCenter Server certificate is invalid."

Article Properties

Affected Product

VxRail, VMware vCenter Server

Last Published Date

30 Apr 2022

Version

5

Article Type

Solution

Back to Top