Certificate validation reference

Certificate validation errors reference table.

The following table lists the certificate validation errors that the apicup certs command might report.

| Validation | Messages | Error | Action to take |
|---|---|---|---|
| Verify that the certificate is set properly. | `certificate <cert> not set` | The certificate is not set. | |
| | `unable to load cert <cert>` | The certificate is set but cannot be read. | |
| Verify certificate key usage (Extended Key Usage). | `unable to verify cert <cert>: missing key usage <n>` | The certificate is missing the required key usage. | Check Certificate reference VMware to confirm the EKU required for the certificate. |
| Verify the certificate signing CA. If available, the CA file is loaded. Then the certificate is verified against the provided CA file, including enforcement of Extended Key Usage. | `unable to parse CA to verify cert <cert>` | The CA file could not be parsed and loaded. | |
| | `unable to verify cert <cert>` | The certificate failed verification against the provided CA file. | One possible reason for receiving this error is that the correct EKU is missing. |
| Verify certificate hosts. | `unable to verify cert <cert>: missing <host>` | The certificate is not valid for the required host. | See Certificate reference VMware for the required hosts. |
| Verify that a certificate that is being used as a CA is a CA certificate. | `unable to verify cert <cert>: certificate is not a CA` | The certificate is not a valid CA. | |
| Verify client certificate match. The portal-client and analytics-ingestion-client certificates are verified against the CA of portal-admin-ingress and analytics-ingestion-ingress. | `a CA certificate must be provided for this certificate` | The CA certificate is missing for one of portal-admin-ingress and analytics-ingestion-ingress. | The common certificates portal-client and analytics-ingestion-client must be set before you set any custom certificates. |
| | `client cert cannot be verified against provided CA certificate` | The verification failed. | |
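The CA, EKU, and host validations from the table can be reproduced with Go's `crypto/x509` to pre-check a certificate before it is set. This is an added sketch, not apicup's own code: the `issue` and `check` helpers, the order of the checks, and the `example.test` host names are assumptions, the fixture certificates are constructed in memory and carry only the fields the checks read, and the message strings are copied from the table.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate; a nil parent means self-signed.
func issue(cn string, isCA bool, ekus []x509.ExtKeyUsage, hosts []string,
	parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: isCA,
		BasicConstraintsValid: true, Subject: pkix.Name{CommonName: cn}, DNSNames: hosts,
		ExtKeyUsage: ekus, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, parentKey = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// check returns the first failing message from the table ("" if none); the order is this example's choice.
func check(name string, cert, ca *x509.Certificate, eku x509.ExtKeyUsage, host string) string {
	if !ca.IsCA {
		return fmt.Sprintf("unable to verify cert %s: certificate is not a CA", name)
	}
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{eku}}); err != nil {
		return fmt.Sprintf("unable to verify cert %s", name) // wrong CA or missing EKU
	}
	if cert.VerifyHostname(host) != nil {
		return fmt.Sprintf("unable to verify cert %s: missing %s", name, host)
	}
	return ""
}

func main() {
	ca, caKey := issue("constructed-ca", true, nil, nil, nil, nil)
	srv, _ := issue("srv", false, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, []string{"portal.example.test"}, ca, caKey)
	fmt.Printf("%q\n", check("srv", srv, ca, x509.ExtKeyUsageClientAuth, "portal.example.test"))
}
```

As the table notes for `unable to verify cert <cert>`, a missing EKU and a wrong signing CA produce the same message, so both are worth checking when it appears.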