The solution is confirmed to work.
Symptoms
You are unable to download the Trusted Root Certificates for VCSA; the downloaded file is 0 KB.
You may also see an HTTP 404 Not Found error.
When downloading them via the CLI with wget, you get an error 404: Not Found:
root@vc-emb2 [ /etc/vmware-vpx/docRoot ]# wget https://vc-emb2.gsslabs.org/certs/download.zip
--2022-08-22 15:08:31-- https://vc-emb2.gsslabs.org/certs/download.zip
Resolving vc-emb2.gsslabs.org... 127.0.0.1
Connecting to vc-emb2.gsslabs.org|127.0.0.1|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2022-08-22 15:08:31 ERROR 404: Not Found.
root@vc-emb2 [ /etc/vmware-vpx/docRoot ]#
Purpose
Assist TSEs and customers in fixing this issue, which in some cases is critical depending on the environment.
Cause
Missing symlink for /etc/vmware-vpx/docRoot/certs
Impact / Risks
Medium, depending on the environment.
The issue matters when deploying VxRail or any other third-party solution that requires the trusted root certificates to be imported.
Resolution
- Take proper snapshots for your SSO topology. (In Enhanced Linked Mode, these need to be powered-off snapshots.)
- Make sure CRLs are not causing the issue: https://kb.vmware.com/s/article/59555
- Check whether the symlink /etc/vmware-vpx/docRoot/certs, pointing to /var/lib/vmware-vpx/docRoot/certs, exists.
- Run ls -ltra /etc/vmware-vpx/docRoot. If the certs symlink does not exist, run this command to create it: ln -sfn /var/lib/vmware-vpx/docRoot/certs /etc/vmware-vpx/docRoot/certs
Note: for 6.x, use the command ln -sfn /etc/vmware-vpx/ssl /etc/vmware-vpx/docRoot/certs instead.
- Restart the VCSA services using the command service-control --stop --all && service-control --start --all, or reboot the VCSA.
- Try downloading the Trusted Root Certificates again.
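
The symlink check from the Resolution steps can be scripted so the state is known before ln -sfn replaces anything. This is an added example, not part of the original article or VMware tooling; the function name check_certs_link and its state strings are assumptions, and the default paths are the ones given in the steps above.

```shell
#!/bin/sh
# Added example: classify the state of the certs symlink without changing it.
# Defaults are the paths from the Resolution steps; for 6.x pass
# /etc/vmware-vpx/ssl as the second argument, as in the article's note.

check_certs_link() {
    link=${1:-/etc/vmware-vpx/docRoot/certs}
    want=${2:-/var/lib/vmware-vpx/docRoot/certs}

    # Nothing at the link path, or something that is not a symlink
    # (for example a real directory, which should be inspected by hand).
    if [ ! -L "$link" ]; then
        if [ -e "$link" ]; then
            echo "not-a-symlink"
        else
            echo "missing"
        fi
        return 1
    fi

    # Symlink exists: compare where it points with the expected target.
    have=$(readlink "$link")
    if [ "$have" != "$want" ]; then
        echo "wrong-target"
        return 1
    fi

    # Correct target string, but the target directory itself is absent.
    if [ ! -d "$link" ]; then
        echo "dangling"
        return 1
    fi

    echo "ok"
    return 0
}
```

Source the file on the appliance and call check_certs_link with no arguments; only the "missing" state corresponds to the case the article's ln -sfn command is meant to fix.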