vRA – Certificate chain is not valid

Today I needed to import a new vRA certificate because the Root Chain was missing from it and some browsers showed the SSL Security Warning message when accessing the vRA environment.

What was supposed to be a simple task turned out to be a more challenging one as we were greeted with the following message:

Screenshot 2019-08-09 at 18.25.21.png

The Certificate Chain was of the following form:

Screenshot 2019-08-21 at 08.55.31

No typos, no empty spaces, nothing. Just a plain old Certificate Chain.

After some digging around and troubleshooting, the cause turned out to be the order in which the certificates appeared in the provided certificate chain.

A tip: Your root certificate should be at the end, as highlighted in the VMware KB here.

In our case the provided Certificate Chain contained the root certificate in the middle and the intermediate certificate at the end. Hence we were unable to import the certificate.

In other words:

“The certificates must be concatenated in order so that each directly certifies the one preceding”

So if you ever are tasked with importing a Certificate Chain, please remember the following:

Cert_Order

Your Certificate Chain can contain more or fewer certificates depending on your setup.
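An added example (not from the original post or from VMware): a standard-library Python sketch that puts a PEM bundle into leaf, intermediate(s), root order for any number of intermediates by matching each certificate's issuer to the next certificate's subject. It assumes byte-wise name comparison and verifies no signatures; the function names are made up for this illustration and the sample certificates are constructed, unsigned skeletons.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):  # read one DER header -> (tag, content_start, content_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):  # -> (subject, issuer) of one certificate, as raw DER Name bytes
    _, pos, _ = _tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)          # TBSCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    pos = end if tag == 0xA0 else pos   # skip the optional [0] version field
    fields = []
    for _ in range(5):                  # serial, sigAlg, issuer, validity, subject
        _, _, end = _tlv(der, pos)
        fields.append(der[pos:end])
        pos = end
    return fields[4], fields[2]

def order_chain(pem_text):  # -> PEM blocks ordered leaf, intermediate(s), root
    certs = [(m[0], *names(base64.b64decode(m[1]))) for m in PEM_RE.finditer(pem_text)]
    by_subject = {c[1]: c for c in certs}
    issuers = {iss for _, subj, iss in certs if iss != subj}
    leaves = [c for c in certs if c[1] not in issuers]  # certifies no other cert
    if len(leaves) != 1:
        raise ValueError("expected exactly one leaf certificate")
    ordered, cur = [], leaves[0]
    while cur and len(ordered) < len(certs):
        ordered.append(cur[0])
        cur = None if cur[1] == cur[2] else by_subject.get(cur[2])  # stop at the root
    if len(ordered) != len(certs):
        raise ValueError("some certificates do not link into the chain")
    return ordered

def _der(tag, body):  # short-form DER element (body under 128 bytes)
    return bytes([tag, len(body)]) + body

def skeleton_cert(subject, issuer):  # constructed sample: unsigned, names only
    name = lambda cn: _der(0x30, _der(0x31, _der(0x30, b"\x06\x03\x55\x04\x03" + _der(0x0C, cn.encode()))))
    tbs = b"\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x00" + name(issuer) + b"\x30\x00" + name(subject)
    b64 = base64.b64encode(_der(0x30, _der(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----"

LEAF, INTERMEDIATE, ROOT = (skeleton_cert(s, i) for s, i in [
    ("vra.example.test", "Issuing CA"), ("Issuing CA", "Root CA"), ("Root CA", "Root CA")])
BAD_CHAIN = "\n".join([LEAF, ROOT, INTERMEDIATE])  # the post's failing order: root in the middle
```

Calling `order_chain(BAD_CHAIN)` returns the blocks with the root moved to the end; a bundle with a missing intermediate or a stray certificate raises `ValueError` instead of being silently reordered.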

Hope this saves you some time if you encounter this 🙂

 

 

 

 

 

 
