Dell Unity: Unable to Renew or Remove VASA Certificate Due to Long Chain

概要: There are many reasons for not being able to renew or remove a VASA certificate. This article covers only the attempt to renew or remove when the Certificate Validation fails due to "Certificate Chain too long". ...

この記事は次に適用されます: この記事は次には適用されません: この記事は、特定の製品に関連付けられていません。 すべての製品パージョンがこの記事に記載されているわけではありません。

現象

When attempting to renew the VASA Certificate from vSphere, the following error occurs:

"The provider certificate is invalid. It is either empty, malformed, or expired, not yet valid, revoked, or fails host name verification."

 

"The provider certificate is invalid. It is either empty, malformed, or expired, not yet valid, revoked, or fails host name verification." 
 
"The provider certificate is invalid. It is either empty, malformed, or expired, not yet valid, revoked, or fails host name verification." 

Issue is not resolved using the following Dell articles:

When attempting to remove the certificate from the Unity array, using UEMCLI, either:    

  • The output is successful, but the certificate remains in system.
  • The output fails with error: "The certificate does not exist. (Error Code:0x6000940)"

Example of both points:

service@spb~# uemcli -no -u admin -p  /sys/cert -id vasa_http-vc1-servercert-1 delete
Operation completed successfully.

service@spb~# uemcli -no -u admin -p  /sys/cert show
1: ID = vasa_http-vc1-cacert-1
Type = CA
Service = VASA_HTTP
Certificate ID = vasa_http-vc1-cacert-1

service@spb~# uemcli -no -u admin -p  /sys/cert -id vasa_http-vc1-servercert-1 delete
Operation failed. Error code: 0x6000940
The certificate does not exist. (Error Code:0x6000940)

service@spb~# uemcli -no -u admin -p  /sys/cert show
1: ID = vasa_http-vc1-cacert-1
Type = CA
Service = VASA_HTTP
Certificate ID = vasa_http-vc1-cacert-1

原因

For this particular issue, it was found that the certificate chain was too long. The maximum stipulated SSL Verification Depth on Unity OE 5.0.6 and earlier versions is 1, and this particular certificate had a Depth of 3.

解決方法

RESOLUTION

Upgrade to Unity OE 5.1.x. 
For more details about Unity OE releases, refer to article Dell Unity OE Matrix.

WORKAROUND

  1. Technical Support changing the SSL Verify Depth value.
  2. Technical Support deleting all certificates listed on the array.
  3. Technical Support restarting Management Services (this does not disrupt production).
  4. Unity Administrator adding Unity as VASA storage provider on vSphere.

To have this workaround applied to your Unity array, contact Dell Technical Support and reference this article ID 000185269.

対象製品

Dell Unity 300, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 450F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600

製品

Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity XT 480, Dell EMC Unity XT 480F, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F , Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Family, Dell EMC Unity Hybrid ...
文書のプロパティ
文書番号: 000185269
文書の種類: Solution
最終更新: 15 7月 2026
バージョン:  7
質問に対する他のDellユーザーからの回答を見つける
サポート サービス
お使いのデバイスがサポート サービスの対象かどうかを確認してください。