![\"kA23a0000000BfwCAE_3_0\"\/](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_15.jpeg\")
<\/figure>\n\n\n\nRestart of VCSA services fails.<\/p>\n\n\n\n
Restart of services does not bring up all services.<\/p>\n\n\n\n
Errors observed: <\/strong><\/p>\n\n\n\n \/var\/log\/vmware\/vpxd-svcs\/vpxd-svcs.log:<\/p>\n\n\n\n 2020-06-03T09:31:04.523Z [pool-8-thread-1 INFO com.vmware.identity.token.impl.X509TrustChainKeySelector opId=905f6864-c067-4db6-828c-1d59c4b43bf8] Failed to find trusted path to signing certificate <CN=ssoserverSign> vCenter certificates are expired.<\/p>\n\n\n\n VxRail which was initially built prior to 4.7, may have certificates issued with a lifespan of two years from the date of installation. At the time of writing this article, a VxRail build on 4.7.410 has all certificates with a 10 year lifespan.<\/p>\n\n\n\n Minor version upgrades will not touch the certificates!<\/p>\n\n\n\n For a VxRail which was initially built on 4.5.210 and later versions, the certificates have a two-year validity period. Check VMware KB article 79248<\/a> to confirm the detailed description.<\/p>\n\n\n\n Use the view certificate in the browser of the log in page of the VCSA to confirm the certificate has expired or list the certificates in the CLI of the PSC\/VCSA with the command from VMware KB article 76719<\/a>: <\/p>\n\n\n\n This procedure will generate new self-signed certificates on PSC and VCSA.<\/p>\n\n\n\n IMPORTANT<\/strong>: This procedure is intended for single PSC\/VCSA VMs which are maintained through VxRail LCM. For HA \/ ELM \/ Customer deployed VCs – please open a VMware ticket!<\/p>\n\n\n\n IMPORTANT<\/strong>: Take OFFLINE <\/strong>snapshots of VRM, PSC, and VCSA!<\/p>\n\n\n\n IMPORTANT<\/strong>: Check if the snapshot creating process has finished without errors! Do NOT continue without valid snapshots!<\/strong><\/p>\n\n\n\n IMPORTANT<\/strong>: If issues encountered, do not retry without reverting to snapshots!<\/p>\n\n\n\n Get site nameCompleted [Reset Machine SSL Cert…]<\/em><\/p>\n\n\n\n g3node-site 2. Fix the STS issue – Download and run fixsts.sh from VMware KB 76719<\/a><\/p>\n\n\n\n \/usr\/lib\/vmware-vmca\/bin\/certificate-manager<\/em><\/p>\n\n\n\n service-control –all –status<\/em><\/p>\n\n\n\n 3. Fix certificates on VCSA<\/p>\n\n\n\n service-control –all –status<\/em><\/p>\n\n\n\n Notes: <\/strong><\/p>\n\n\n\n Log in to vCenter GUI is not possible. If Web GUI is still available, […]<\/p>\n","protected":false},"author":1,"featured_media":14583,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14643","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vxrail-hci"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\n\t\n\t\t
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)<\/p>\n\n\n\nCause<\/h4>\n\n\n\n
for i in $(\/usr\/lib\/vmware-vmafd\/bin\/vecs-cli store list); do echo STORE $i; \/usr\/lib\/vmware-vmafd\/bin\/vecs-cli entry list --store $i --text | egrep \"Alias|Not After\"; done<\/pre>\n\n\n\n
Resolution<\/h4>\n\n\n\n
\n
\n
\/usr\/lib\/vmware-vmca\/bin\/certificate-manager<\/em>\n\n<\/pre>\n\n\n\n
\n
\n
![\"kA23a0000000BfwCAE_2_0\"](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_1.jpeg\")
<\/li>\n\n\n\n\n
Lookup all services
Get service g3node-site:9ebfb9b2-d202-4d8f-9282-b08f3a317b8f
Update service g3node-site:9ebfb9b2-d202-4d8f-9282-b08f3a317b8f; spec: \/tmp\/svcspec_a1hipoqq
Status : 0% Completed [Reset operation failed]<\/strong>
please see \/var\/log\/vmware\/vmcad\/certificate-manager.log for more information.
root@g3psc [ ~ ]# <\/em><\/p>\n\n\n\n![\"kA23a0000000BfwCAE_2_1\"\/](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_2.jpeg\")
<\/figure>\n\n\n\n![\"kA23a0000000BfwCAE_2_2\"\/](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_3.jpeg\")
<\/figure>\n\n\n\n\n
\n
\n
![\"kA23a0000000BfwCAE_2_3\"\/](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_4.jpeg\")
<\/figure>\n\n\n\n\n
\n
\n
![\"kA23a0000000BfwCAE_2_4\"\/](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_5.jpeg\")
<\/figure>\n\n\n\n\n
![\"kA23a0000000BfwCAE_2_5\"\/](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_6.jpeg\")
<\/figure>\n\n\n\n\n
\n
<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n![\"kA23a0000000BfwCAE_2_6\"\/](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_7.jpeg\")
<\/figure>\n\n\n\n\n
\/usr\/lib\/vmware-vmca\/bin\/certificate-manager<\/em>\n\n<\/pre>\n\n\n\n
\n
<\/li>\n<\/ul>\n\n\n\n![\"kA23a0000000BfwCAE_2_7\"\/](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_8.jpeg\")
<\/figure>\n\n\n\n\n
<\/li>\n<\/ul>\n\n\n\n![\"kA23a0000000BfwCAE_2_8\"\/](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_9.jpeg\")
<\/figure>\n\n\n\n\n
![\"kA23a0000000BfwCAE_2_9\"](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_10.jpeg\")
![\"kA23a0000000BfwCAE_2_10\"](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_11.jpeg\")
<\/li>\n\n\n\n![\"kA23a0000000BfwCAE_2_11\"](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_12.jpeg\")
<\/p>\n\n\n\n\n
![\"kA23a0000000BfwCAE_2_12\"\/](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_13.jpeg\")
<\/figure>\n\n\n\n![\"kA23a0000000BfwCAE_2_13\"\/](\"https:\/\/supportkb.dell.com\/img\/ka06P000000TRfuQAG\/ka06P000000TRfuQAG_en_US_14.jpeg\")
<\/figure>\n\n\n\nAdditional Information<\/h4>\n\n\n\n
\n