VxRail: Node Add NIC Configuration Error: SSL: CERTIFICATE_VERIFY_FAILED
Summary: A node add fails on NIC configuration with error: SSL: CERTIFICATE_VERIFY_FAILED
Bu makale şunlar için geçerlidir:
Bu makale şunlar için geçerli değildir:
Bu makale, belirli bir ürüne bağlı değildir.
Bu makalede tüm ürün sürümleri tanımlanmamıştır.
Symptoms
While performing a Node Add, we are unable to go pass the NIC Configuration Page.
Error log:
22-04-28T05:33:31.194+0000 ERROR [pool-69-thread-1] com.vce.commons.domainowner.graphq.DefaultQueryExecutorImpl DefaultQueryExecutorImpl.filterOutErrorData:173 - Errors in do-host responsFQDN:9090 ssl:<gevent._ssl3.SSLContext object at 0x7f31e9481278> [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:
852)]","locations":[{"line":1,"column":1542,"sourceName":null}],"description":null,"validationErrorType":null,"queryPath":null,"errorType":null,"path":["configuredHosts","0","hardware","pos
ition","rackName"],"extensions":null}
Curl check:
vxrm # curl --capath /var/lib/vmware-marvin/trust/lin --user root -X GET -H "Content-Type: application/json" -d '{}' https://ServerName.site.lab:9090/rest/ps/private/v1/misc/certservice/certs
Enter host password for user 'root':
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
Cause
SSL Handshake between ESXI and VXRM fails.
Resolution
Run the below commands to verify the certificate issue.
Check and update the ESXi certificates using the VMware documentation below:
1. Run the below command to test the ESXi host connection, and capture the entire output:
vxm: # openssl s_client -crl_check_all -CApath /var/lib/vmware-marvin/trust/lin/ -connect <esxi_fqdn>:443
2. Run the below command to test the ESXi host connection, and capture the entire output:
vxm: # openssl s_client -crl_check -CApath /var/lib/vmware-marvin/trust/lin/ -connect <esxi_fqdn>:443
3. Run the below command to test the ESXi host connection, and capture the entire output:
vxm: # openssl s_client -CApath /var/lib/vmware-marvin/trust/lin/ -connect <esxi_fqdn>:443
Example output: Verify return code: 0 (ok) Or, Verify return code: 12 (CRL has expired)
Review the VMware documentation to renew and refresh the ESXi certificates:
- Renew and Refresh ESXi Certificates - View VMware article Renew or Refresh ESXi Certificates
- Run the newest version of cert_util.py in article VxRail: How to manually import vCenter SSL certificate on VxRail Manager
Etkilenen Ürünler
VxRail, VxRail SoftwareMakale Özellikleri
Article Number: 000198975
Article Type: Solution
Son Değiştirme: 05 Eyl 2025
Version: 7
Sorularınıza diğer Dell kullanıcılarından yanıtlar bulun
Destek Hizmetleri
Aygıtınızın Destek Hizmetleri kapsamında olup olmadığını kontrol edin.