VMware cloud account validation failed – alternative workaround on KB88531

Recently we had an issue with the validation of a VMware cloud account in vRA. The validation didn’t work.
A colleague at the customer site found the correct VMware KB artikel that addressed this issue ( it is KB article 88531)
This post is about an alternative approach for the same workaround mentioned in the KB article. This is not an in-depth article. You should have knowledge about vRA and using REST API calls.


The issue is that the certificate info has not been stored in the cloud account.
And this can happen when the vCenter SSL certificate is renewed, and in vRA you accept the new certificate, but you didn’t hit the ‘SAVE ‘ button.
When accepting the new certificate, you stored it in the certificate store of vRA. But because you didn’t hit save, that info wasn’t stored with the cloud account registration.
According to the article this has been solved in vRA 8.9 and for prior versions there is a workaround


The workaround is correct. But what I don’t like about it, is that there is no explanation about what you are doing.
The workaround uses the REST API interface of vRA to store the correct certificate with the cloud account. And if they would have mentioned that, maybe the reader would think… wait…. REST API…. can I use the swagger interface…..

Yes you can.
The API calls we need are:

  • GET /iaas/api/cloud-accounts
    To find the cloud-account-id of the vCenter Cloud Account we are going to update
  • PATCH /iaas/api/cloud-accounts/{cloud-account-id}
    To store the new certificate information with the vCenter Cloud account


  1. Store the vCenter certificate (including the chain) as a PEM file.
  2. Go to the swagger ui (which can be found at {root-url}/automation-ui/api-docs/
  3. Go to the ‘Infrastructure as a Service section
    In this section you will find the API calls we need.
  4. Authenticate with vRA using a Bearer token.
    (Tip: you can get a Bearer token using the REST API calls on the swagger ui and/or create a vRO action to get a Bearer token)
  5. Search for the cloud account id by using the ‘GET /iaas/api/cloud-accounts’
  6. Convert the PEM file to a single line where the line ends are replaced with \n
  7. update the cloud account with the new certificate information using the ‘PATCH /iaas/api/cloud-accounts/{cloud-account-id}? apiVersion=2021-07-15’ API call.
    (note: using the url parameter apiVersion is crucial)
    You should get a HTTP status code of 202 for confirmation.
  8. run the validation of the cloud account in vRA, it should work now

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: