Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products
Sign In Create an Account Premier Sign In Partner Program Sign In
Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Dell Technologies VxRail: Node add NIC configuration SSL: CERTIFICATE_VERIFY_FAILED

Summary: Dell Technologies VxRail: Node add NIC configuration SSL: CERTIFICATE_VERIFY_FAILED Observed on version 7.0.350.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

While performing a Node Add, we are unable to go pass the NIC Configuration Page.
VxRail Version 7.0.350.
 

Error log:

22-04-28T05:33:31.194+0000 ERROR [pool-69-thread-1] com.vce.commons.domainowner.graphq.DefaultQueryExecutorImpl DefaultQueryExecutorImpl.filterOutErrorData:173 - Errors in do-host responsFQDN:9090 ssl:<gevent._ssl3.SSLContext object at 0x7f31e9481278> [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:
852)]","locations":[{"line":1,"column":1542,"sourceName":null}],"description":null,"validationErrorType":null,"queryPath":null,"errorType":null,"path":["configuredHosts","0","hardware","pos
ition","rackName"],"extensions":null}


Curl check:

vxrm # curl --capath /var/lib/vmware-marvin/trust/lin --user root -X GET -H "Content-Type: application/json" -d '{}' https://ServerName.site.lab:9090/rest/ps/private/v1/misc/certservice/certs
Enter host password for user 'root':
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Cause

SSL Handshake between ESXI and VXRM fails.

 

 

Resolution

Run the below commands to verify the certificate issue.
Check and update the ESXi certificates using the VMware documentation below:

1. Run the below command to test the ESXi host connection, and capture the entire output: 
vxm: # openssl s_client -crl_check_all -CApath /var/lib/vmware-marvin/trust/lin/ -connect <esxi_fqdn>:443

2. Run the below command to test the ESXi host connection, and capture the entire output: 
vxm: # openssl s_client -crl_check -CApath /var/lib/vmware-marvin/trust/lin/ -connect <esxi_fqdn>:443

3. Run the below command to test the ESXi host connection, and capture the entire output: 
vxm: # openssl s_client -CApath /var/lib/vmware-marvin/trust/lin/ -connect <esxi_fqdn>:443
Example output:
Verify return code: 0 (ok)
Or,
Verify return code: 12 (CRL has expired)


Review the VMware documentation to renew and refresh the ESXi certificates:

- Renew and Refresh ESXi Certificates https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-ECFD1A29-0534-4118-B762-967A113D5CAA.html. Third party link icon
- Run newest version of cert_util.py in kb below VxRail: How to manually import vCenter SSL certificate on VxRail Manager

 

Affected Products

VxRail, VxRail Appliance Family, VxRail Appliance Series
Article Properties
Article Number: 000198975
Article Type: Solution
Last Modified: 19 May 2023
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.