vCenter Server Appliance Component Manager fails with an error when you first deploy it after an upgrade.

Problem

You deploy a vCenter Server Appliance instance and receive an error such as the following text:

"Firstboot script execution Error."

"The SSL certificate does not match when connecting to the vCenter Single Sign-On: hostname in certificate didn't match: <vcenter-b.domain.com> != <localhost.localdom> OR <localhost.localdom> OR <localhost>"

The vCenter Server Appliance instance names do not match the names in the SSL certificates. You must regenerate the certificates to get the correct Fully Qualified Domain Names.

Procedure

  1. Power on the vCenter Server Appliance 5.5 instance.
  2. Log into the VAMI https://IP:5480.
  3. Make sure that the correct IP address and Hostname are set in the Network Settings.
  4. Select the Certificate regeneration check box.
  5. Restart the vCenter Server Appliance 5.5 instance.

    The vCenter Server, vSphere Web Client, vami, slapd, vCenter Inventory Service, and vCenter Single Sign-On certificates are regenerated with a certificate containing CN=vcenter-a.domain.com and SubjectAltName containing DNS=vcenter-a.domain.com DNS=vcenter-a IP=192.168.2.100.The certificates no longer contain vcenter-b.domain.com.

  6. Rerun the vCenter Server Appliance 6.0 upgrade.

Results

See Upgrade the vCenter Server Appliance with Embedded vCenter Single Sign-On.