Lower the Java security setting in vROps 6 to accept certificates < 1024-bit length

Note: The following workaround is unsupported and should be used at your own risk.

Does your vCenter have an older, weak certificate, and is replacing it not an option? This is usually the case in a POC environment, and many customers are not yet ready to upgrade their old 512-bit vCenter certificates.

Are you seeing the following error when configuring a vCenter instance with vRealize Operations Manager 6? “Unable to establish a valid connection to the target system. javax.net.ssl.SSLPeerUnverifiedException:peer not authenticated”

You are in luck: you can lower the Java security setting in vROps to accept certificates < 1024-bit length by following the instructions below:

Edit the file “/usr/java/jre-vmware/lib/security/java.security” on each vROps node

Find the line “jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024”

Replace with “jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 512”

Restart vROps (a stop and start from the admin interface is sufficient).

After these steps you can add vCenter with 512-bit certificates again! Upgrading your certificates on vCenter to 2048 should be made a high priority in 2015!
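The property edited above applies to every certificate path that JRE validates, so it is worth checking each node's file and restoring the 1024 value once the vCenter certificates are replaced. The script below is an added example, not part of the original post or of any VMware tooling: the function names `rsa_keysize_floor` and `audit_java_security` are hypothetical, and the two sample files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: report the RSA key-size floor set in a java.security file.
# Assumes the single-line "RSA keySize < N" form shown on this page.

# Print N from the active jdk.certpath.disabledAlgorithms line (empty if absent).
rsa_keysize_floor() {
    # Skip commented-out lines; the last active definition wins in a properties file.
    grep -E '^[[:space:]]*jdk\.certpath\.disabledAlgorithms[[:space:]]*=' "$1" \
        | tail -n 1 \
        | sed -n 's/.*RSA[[:space:]]*keySize[[:space:]]*<[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# Exit status: 0 = floor is 1024 or higher, 1 = floor lowered, 2 = no constraint found.
audit_java_security() {
    floor=$(rsa_keysize_floor "$1")
    if [ -z "$floor" ]; then
        echo "$1: no RSA keySize constraint found"
        return 2
    fi
    if [ "$floor" -lt 1024 ]; then
        echo "$1: LOWERED, RSA certificates down to $floor bits are accepted"
        return 1
    fi
    echo "$1: ok, RSA keys below $floor bits are rejected"
    return 0
}

# Constructed sample files (not copied from a real appliance).
demo_dir=$(mktemp -d)
printf '%s\n' '# default value' \
    'jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024' \
    > "$demo_dir/default.security"
printf '%s\n' '#jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024' \
    'jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 512' \
    > "$demo_dir/lowered.security"

for f in "$demo_dir"/*.security; do
    audit_java_security "$f" || true
done
```

On a vROps node, point `audit_java_security` at the java.security path given in the steps above.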

