Dell Unity: Unable to renew/remove VASA certificate due to Certificate Chain too long (User Correctable)
Riepilogo: There are many reasons for not being able to renew/remove a VASA certificate. This article covers only the attempt to renew/remove when the Certificate Validation fails due to "Certificate Chain too long". ...
Questo articolo si applica a
Questo articolo non si applica a
Questo articolo non è legato a un prodotto specifico.
Non tutte le versioni del prodotto sono identificate in questo articolo.
Sintomi
When attempting to renew the VASA Certificate from vSphere, error occurs:
Issue fails to resolve using KB:
When attempting to remove Certificate from Unity using UEMCLI, either:
"The provider certificate is invalid. It is either empty, malformed, or expired, not yet valid, revoked, or fails host name verification."
Issue fails to resolve using KB:
- KB article 49556: Dell EMC Unity: Unable to use Unity as VASA storage provider due to certificate error (User Correctable)
- KB article 22509: Dell EMC Unity: How to manually renew a Unity Management SSL certificate. (User corretable.
- KB article 37959: Dell EMC Unity: VASA certificate expired (User Correctable)
When attempting to remove Certificate from Unity using UEMCLI, either:
- Output is successful but the Certificate remains in System.
- Output fails with error: "The certificate does not exist. (Error Code:0x6000940)"
service@spb~# uemcli -no -u admin -p /sys/cert -id vasa_http-vc1-servercert-1 delete Operation completed successfully. service@spb~# uemcli -no -u admin -p /sys/cert show 1: ID = vasa_http-vc1-cacert-1 Type = CA Service = VASA_HTTP Certificate ID = vasa_http-vc1-cacert-1 service@spb~# uemcli -no -u admin -p /sys/cert -id vasa_http-vc1-servercert-1 delete Operation failed. Error code: 0x6000940 The certificate does not exist. (Error Code:0x6000940) service@spb~# uemcli -no -u admin -p /sys/cert show 1: ID = vasa_http-vc1-cacert-1 Type = CA Service = VASA_HTTP Certificate ID = vasa_http-vc1-cacert-1
Causa
For this particular issue, it was found that the certificate chain was too long. The maximum stipulated SSL Verification Depth in the Unity OE 5.0.6 and earlier versions is 1, and this particular certificate had a Depth of 3.
Risoluzione
This issue will be addressed in an upcoming Unity OE release.
For more details about Unity OE releases, refer to KB article 20641: Dell EMC Unity OE Revision Matrix (User Correctable)
There is a Workaround in place which consists in:
For more details about Unity OE releases, refer to KB article 20641: Dell EMC Unity OE Revision Matrix (User Correctable)
There is a Workaround in place which consists in:
- Technical Support changing the SSL Verify Depth value.
- Technical Support deleting all certificates listed in Array
- Technical Support restarting Management Services (this will not disrupt Production)
- Unity Administrator adding Unity as VASA storage provider on vSphere.
Prodotti interessati
Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600Prodotti
Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity XT 480, Dell EMC Unity XT 480F, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F
, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Family, Dell EMC Unity Hybrid
...
Proprietà dell'articolo
Numero articolo: 000185269
Tipo di articolo: Solution
Ultima modifica: 20 ott 2025
Versione: 5
Trova risposta alle tue domande dagli altri utenti Dell
Support Services
Verifica che il dispositivo sia coperto dai Servizi di supporto.