A general system error occurred: Unable to get signed certificate for host – vSphere 6.5 – Web Client


The Problem

When trying to update the certificate on an ESXi host with a certificate generated by the VMCA you may run into the error A general system error occurred: Unable to get signed certificate for host  as detailed in this VMware KB HERE.

This happens when you try to renew ESXi host SSL certificates like so:

Cert Error 1

But you receive the error as below:

Not a big deal, however the VMware KB only tells you how to solve this using the good old C# client, not the vSphere Web Client. If you are running vSphere 6.5 then you are SOL using the KB instructions.

The Solution

First things first, select the vCenter from the inventory and then click on Configure tab and the click on Advanced Settings followed by the Edit  button as shown below.

Cert Error 3

The following dialogue box appears

Cert Error 4

Hunt out the vpxd.certmgmt.certs.minutesBefore setting and change it to 10 from 1440. This will allow you to assign a new SSL certificate to the host. More details of why this is the case can be found in the VMware KB.

Try the certificate renewal again and you should end up with something like this:

Cert Error 5

 

Success!

Ian

Leave a comment

Your email address will not be published. Required fields are marked *