A general system error occurred: Unable to get signed certificate for host – vSphere 6.5 – Web Client

The Problem

When trying to update the certificate on an ESXi host with a certificate generated by the VMCA you may run into the error A general system error occurred: Unable to get signed certificate for host  as detailed in this VMware KB HERE.

This happens when you try to renew ESXi host SSL certificates like so:

Cert Error 1

But you receive the error as below:

Not a big deal, however the VMware KB only tells you how to solve this using the good old C# client, not the vSphere Web Client. If you are running vSphere 6.5 then you are SOL using the KB instructions.

The Solution

First things first, select the vCenter from the inventory and then click on Configure tab and the click on Advanced Settings followed by the Edit  button as shown below.

Cert Error 3

The following dialogue box appears

Cert Error 4

Hunt out the vpxd.certmgmt.certs.minutesBefore setting and change it to 10 from 1440. This will allow you to assign a new SSL certificate to the host. More details of why this is the case can be found in the VMware KB.

Try the certificate renewal again and you should end up with something like this:

Cert Error 5

 

Success!

Ian

You may also like...

3 Responses

  1. Jeff Saxe says:

    Thanks very much! You rock, Ian.

    VMWare’s instructions to repair this say to use the old fat client, but as you note, you can no longer connect with that if this is a nice fresh install of 6.5! Grrrr. Thanks for showing us how to get to the equivalent Advanced Settings in the new interface. Thanks for your generosity, and thanks to Google for being able to find your article.

    — JeffS

  2. Tara says:

    Thank you so much. Having to change from the Windows C# client to the Web/HTML client is frustrating enough. Then having these odd errors on adding the second host – was about to cancel the upgrade. Worked perfectly.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.