Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

Article Number: 000198975

Dell Technologies VxRail: Node add NIC configuration SSL: CERTIFICATE_VERIFY_FAILED

Summary: Dell Technologies VxRail: Node add NIC configuration SSL: CERTIFICATE_VERIFY_FAILED Observed on version 7.0.350.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms

While performing a Node Add, we are unable to go pass the NIC Configuration Page.
VxRail Version 7.0.350.
 

Error log:

22-04-28T05:33:31.194+0000 ERROR [pool-69-thread-1] com.vce.commons.domainowner.graphq.DefaultQueryExecutorImpl DefaultQueryExecutorImpl.filterOutErrorData:173 - Errors in do-host responsFQDN:9090 ssl:<gevent._ssl3.SSLContext object at 0x7f31e9481278> [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:
852)]","locations":[{"line":1,"column":1542,"sourceName":null}],"description":null,"validationErrorType":null,"queryPath":null,"errorType":null,"path":["configuredHosts","0","hardware","pos
ition","rackName"],"extensions":null}


Curl check:

vxrm # curl --capath /var/lib/vmware-marvin/trust/lin --user root -X GET -H "Content-Type: application/json" -d '{}' https://ServerName.site.lab:9090/rest/ps/private/v1/misc/certservice/certs
Enter host password for user 'root':
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

Cause

SSL Handshake between ESXI and VXRM fails.

 

 

Resolution

Run the below commands to verify the certificate issue.
Check and update the ESXi certificates using the VMware documentation below:

1. Run the below command to test the ESXi host connection, and capture the entire output: 
vxm: # openssl s_client -crl_check_all -CApath /var/lib/vmware-marvin/trust/lin/ -connect <esxi_fqdn>:443

2. Run the below command to test the ESXi host connection, and capture the entire output: 
vxm: # openssl s_client -crl_check -CApath /var/lib/vmware-marvin/trust/lin/ -connect <esxi_fqdn>:443

3. Run the below command to test the ESXi host connection, and capture the entire output: 
vxm: # openssl s_client -CApath /var/lib/vmware-marvin/trust/lin/ -connect <esxi_fqdn>:443
Example output:
Verify return code: 0 (ok)
Or,
Verify return code: 12 (CRL has expired)


Review the VMware documentation to renew and refresh the ESXi certificates:

- Renew and Refresh ESXi Certificates https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-ECFD1A29-0534-4118-B762-967A113D5CAA.html. Third party link icon
- Run newest version of cert_util.py in kb below VxRail: How to manually import vCenter SSL certificate on VxRail Manager

 

Article Properties

Affected Product

VxRail, VxRail Appliance Family, VxRail Appliance Series

Last Published Date

19 May 2023

Version

4

Article Type

Solution

Back to Top