Today I needed to import a new vRA certificate because the Root Chain was missing from it and some browsers showed the SSL Security Warning message when accessing the vRA environment.
What was supposed to be a simple task turned out to be a more challenging one as we were greeted with the following message:
The Certificate Chain was of the following form:
No typos, no empty spaces, nothing. Just a plain old Certificate Chain.
After some digging around and troubleshooting it turned out to be the order of which the certificates were in the provided certificate chain.
A tip: Your root certificate should be in the end as highlighted in the VMware KB here.
In our case the provided Certificate Chain contained the root certificate in the middle and the intermediate certificate in the end. Hence we were unable to import the certificate.
In other words:
“The certificates must be concatenated in order so that each directly certifies the one preceding”
So if you ever are tasked with importing a Certificate Chain, please remember the following:
Your Certificate Chain can contain more or less certificates depending on your setup.
Hope this saves you some time if you encounter this 🙂