Certificate validation reference
Certificates validation errors reference table.
The following table lists the certificate validation errors that the apicup certs command might report.
Validation | Messages | Error | Action to take |
---|---|---|---|
Verify that the certificate is set properly. | certificate <cert> not set |
The certificate is not set. | |
unable to load cert <cert> |
The certificate is set but cannot be read. | ||
Verify certificate key usage (Extended Key Usage). | unable to verify cert <cert>: missing key usage <n> |
The certificate is missing the required key usage. | Check Certificate reference VMware to confirm the EKU required for the certificate. |
Verify the certificate signing CA. If available, the CA file is loaded. Then the certificate is verified against the provided CA file, including enforcement of Extended Key Usage. | unable to parse CA to verify cert <cert> |
The CA file could not be parsed and loaded. | |
unable to verify cert <cert> |
The certificate failed verification against the provided CA file. | One possible reason for receiving this error is that the correct EKU is missing. | |
Verify certificate hosts. | unable to verify cert <cert>: missing <host> |
The certificate is not valid for the required host. | See Certificate reference VMware for the required hosts. |
Verify that a certificate that is being used as a CA is a CA certificate. | unable to verify cert <cert>: certificate is not a CA |
The certificate is not a valid CA. | |
Verify client certificate match. The portal-client, and analytics-ingestion-client certificates are verified against the CA of portal-admin-ingress, and analytics-ingestion-ingress. | a CA certificate must be provided for this certificate |
The CA certificate is missing for one of the portal-admin-ingress, and analytics-ingestion-ingress. | The common certificates portal-client, and analytics-ingestion-client must be set before you set any custom certificates. |
client cert cannot be verified against provided CA certificate |
The verification failed. |