While trying to test out vVols in our vSphere 6.5 environment, presented via IBM Spectrum Control Base 3.2 from a StoreWize V9000 SAN, I ran into a small issue that took me a while to figure out:
I installed Spectrum Control Base 3.2 and presented its web services via a FQDN.
To avoid the nagging of modern browsers, I used a regular wildcard certificate valid for the domain I chose to use.
After the initial setup, when I tried to add SCB as a storage provider in VMware, I got the following error message: “A problem was encountered while provisioning a VMware Certificate Authority (VMCA) signed certificate for the provider.“
A web search showed me that this was a pretty common problem with several VASA providers, but none of the suggested solutions applied to our environment. After half an hour of skimming forums and documentation I found the following quote in an ancient support document from VMware:
Note: VMware does not support the use of wildcard certificates.
So: I generated a self-signed certificate in the Spectrum Control Base server webUI, and the problem disappeared.
Lesson of today: We don’t use wildcard certificates in a VMware service context.