Hi laurentsd
Plugin Registration Failure.
Issue: Registration of vSphere web client plugin with vCenter 6.5 Server failed to deploy with Error:
VcExtensionManager Downloading plugin package from https://198.18.3.218:8443/root/mypackage.zip (no proxy defined)
Note: the same registration process is working fine with vSphere 6.0 U2 for the said plugin.
vSphere Web Client Version: 6.5.0 Build 4240472
Steps Taken:
- Register the plugin with vSphere vCenter server using extension manager API registerExtension()
- Set the certificate thumbprint at the time of registration, the certificate is encrypted using SHA1 encryption.
- The registration passed, and the plugin package is visible in the mob extension manager.
- Re-login to vSphere web client, the package is not visible.
- Virgo logs indicates that the download of the package failed with the error “Certificates does not conform to algorithm constraints”.
Please find the log snippet below:
[2016-09-27T07:24:04.577-07:00] [INFO ] vc-extensionmanager-pool-80 70000082 100007 200005 com.vmware.vise.vim.extension.VcExtensionManager Downloading plugin package from https://198.18.3.218:8443/root/mypackage.zip (no proxy defined)
[2016-09-27T07:24:04.599-07:00] [WARN ] vc-extensionmanager-pool-77 70000082 100007 200005 com.vmware.vise.extensionfw.impl.PackageManifestParser Plugin id mismatch between the registered extension key (com.vmware.vsan.health)
and the id specified in plugin-package.xml (com.vmware.vsphere.client.vsan). The registration id will be used but you should keep them in sync.
[2016-09-27T07:24:04.634-07:00] [ERROR] vc-extensionmanager-pool-80 70000082 100007 200005 com.vmware.vise.vim.extension.VcExtensionManager Package com.plugin.key was not installed!
Error downloading https://198.18.3.218:8443/root/mypackage.zip. Make sure that the URL is reachable then logout/login to force another download. javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1513)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1441)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at com.vmware.vise.util.http.ConnectionManager.connect(ConnectionManager.java:255)
at com.vmware.vise.util.http.SimpleHttpClient.connect(SimpleHttpClient.java:236)
at com.vmware.vise.util.http.SimpleHttpClient.executeMethodResponseAsStream(SimpleHttpClient.java:127)
at com.vmware.vise.vim.extension.VcExtensionManager.writePackageToFile(VcExtensionManager.java:940)
at com.vmware.vise.vim.extension.VcExtensionManager.downloadPackage(VcExtensionManager.java:889)
at com.vmware.vise.vim.extension.VcExtensionManager$2.call(VcExtensionManager.java:703)
at com.vmware.vise.vim.extension.VcExtensionManager$2.call(VcExtensionManager.java:694)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at com.vmware.vise.util.concurrent.QueuingCachedThreadPool$QueueProcessor.run(QueuingCachedThreadPool.java:885)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.cert.CertificateException: Certificates does not conform to algorithm constraints
at sun.security.ssl.AbstractTrustManagerWrapper.checkAlgorithmConstraints(SSLContextImpl.java:1055)
at sun.security.ssl.AbstractTrustManagerWrapper.checkAdditionalTrust(SSLContextImpl.java:981)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:923)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 27 common frames omitted
[2016-09-27T07:24:04.795-07:00] [INFO ] plugin-deploy11 70000082 100007 200005 com.vmware.vise.extensionfw.impl.PackagesDeployer Deploying plugin package 'com.vmware.vsan.health:6.5.0'.
[2016-09-27T07:24:04.795-07:00] [INFO ] plugin-deploy11 70000082 100007 200005 com.vmware.vise.extensionfw.impl.HotDeployBundleDeployer Copying using temp directory: C:\ProgramData\VMware\vCenterServer\runtime\vsphere-client\server\work\tmp, bundle: com.vmware.vsan.vmodl, to destination: C:\ProgramData\VMware\vCenterServer\runtime\vsphere-client\server\pickup\vsan-vmodl.jar
Query: is there any change in the vSphere plugin registration flow, specifically in terms of security/certificate.