Dell Technologies VxRail: 노드는 NIC 구성 SSL을 추가합니다. CERTIFICATE_VERIFY_FAILED

오류 로그:

22-04-28T05:33:31.194+0000 ERROR [pool-69-thread-1] com.vce.commons.domainowner.graphq.DefaultQueryExecutorImpl DefaultQueryExecutorImpl.filterOutErrorData:173 - Errors in do-host responsFQDN:9090 ssl: [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:
852)]","locations":[{"line":1,"column":1542,"sourceName":null}],"description":null,"validationErrorType":null,"queryPath":null,"errorType":null,"path":["configuredHosts","0","hardware","pos
ition","rackName"],"extensions":null}

Curl 확인:

vxrm # curl --capath /var/lib/vmware-marvin/trust/lin --user root -X GET -H "Content-Type: application/json" -d '{}' https://ServerName.site.lab:9090/rest/ps/private/v1/misc/certservice/certs
Enter host password for user 'root':
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

ESXI와 VXRM 간의 SSL 핸드셰이크가 실패합니다.

vxm: # openssl s_client -crl_check_all -CApath /var/lib/vmware-marvin/trust/lin/ -connect :443

vxm: # openssl s_client -crl_check -CApath /var/lib/vmware-marvin/trust/lin/ -connect :443

vxm: # openssl s_client -CApath /var/lib/vmware-marvin/trust/lin/ -connect :443

Example output:
Verify return code: 0 (ok)
Or,
Verify return code: 12 (CRL has expired)

VMware 설명서를 검토하여 ESXi 인증서를 갱신하고 새로 고칩니다.

- ESXi 인증서 https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-ECFD1A29-0534-4118-B762-967A113D5CAA.html 갱신하고 새로 고칩니다. 
- VxRail 아래 kb에서 최신 버전의 cert_util.py를 실행합니다. VxRail Manager에서 vCenter SSL 인증서 수동으로 가져오는 법