A general system error occurred: Unable to get signed certificate for host – vSphere 6.5 – Web Client
The Problem
When trying to update the certificate on an ESXi host with a certificate generated by the VMCA you may run into the error A general system error occurred: Unable to get signed certificate for host as detailed in this VMware KB HERE.
This happens when you try to renew ESXi host SSL certificates like so:
But you receive the error as below:
Not a big deal, however the VMware KB only tells you how to solve this using the good old C# client, not the vSphere Web Client. If you are running vSphere 6.5 then you are SOL using the KB instructions.
The Solution
First things first, select the vCenter from the inventory and then click on Configure tab and the click on Advanced Settings followed by the Edit button as shown below.
The following dialogue box appears
Hunt out the vpxd.certmgmt.certs.minutesBefore setting and change it to 10 from 1440. This will allow you to assign a new SSL certificate to the host. More details of why this is the case can be found in the VMware KB.
Try the certificate renewal again and you should end up with something like this:
Success!
Ian
Thanks very much! You rock, Ian.
VMWare’s instructions to repair this say to use the old fat client, but as you note, you can no longer connect with that if this is a nice fresh install of 6.5! Grrrr. Thanks for showing us how to get to the equivalent Advanced Settings in the new interface. Thanks for your generosity, and thanks to Google for being able to find your article.
— JeffS
Hey Jeff, glad I helped some one else out with this! May all your certificates be issued now ?
Ian
Thank you so much. Having to change from the Windows C# client to the Web/HTML client is frustrating enough. Then having these odd errors on adding the second host – was about to cancel the upgrade. Worked perfectly.