mcpv registration failed

raimiansch · ‎2014-06-10

Hello Together!

Today I have downloaded the MCPV (MetroCluster vSphere Plug-in). The installation works fine without any error. But the Plugin is not visible in the vSphere Webclient. Re-register the Plugin on the CMD failed with following error:

MCPV command: 'register' failed.

<html>

<head>

<title>Error 500 VI SDK invoke exception:javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: C

ertificates does not conform to algorithm constraints</title>

</head>

<body><h2>HTTP ERROR 500</h2>

<p>Problem accessing /mcpv/register. Reason:

<pre> VI SDK invoke exception:javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints</pre></p><h3>Caused by:</h3><pre>java.rmi.RemoteException: VI SDK invoke exception:javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints

Have any one else this error?

Thanks

Rainer

ANDRIANAIVO · ‎2014-07-09

Hi Rainer,

the problem is that newer Java versions have more restrictive security settings (does not accept RSA keySize < 2048), and the keySize of the VMware VCenter certificates is only 512.

You can resolve this Problem by editing the java security file (C:\Program Files\NetApp\MetroCluster Plug-in for vSphere\jre\lib\security\java.security) and reduce the limit of accepted RSA keySize by modifying the option jdk.certpath.disabledAlgorithms:

--

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 512

--

then restart the MCPV service and re-register it manually with the vcenter-server

--

<pathtoMCPV>\metrocluster register https://<host-ip-or-fqdn>:28443/mcpv/register <ipAddress> <userName> <password>

--

P.S.: don't use localhost hier as listed in the documentation. Use service IP or FQDN instead!

Kind regards,

Fidy