Troubleshooting vLCM UI firmware bundle display issues: SSL certificate cannot be verified

root@VCSA-111 [ ~ ]# cat /storage/log/vmware/vmware-updatemgr/vum-server/hsm-service.log
SSL certificate verify failed: HTTPSConnectionPool(host='<HOST_IP>', port=443): Max retries exceeded with url: /hsm/vsphere-lcm/hw-support/v1/packages (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1076)')))

1. Using SSH, log on to the Master Node VM.
2. Retrieve the Kong admin cluster IP address. Enter:

   kubectl get svc -n ucp | grep admin

   For example:

   [root@sc-ucpa-master-152 tmp]# kubectl get svc -n ucp | grep admin
   ....
   ....
   NAME                  TYPE     CLUSTER-IP  EXTERNAL-IP PORT(S)        AGE
   ucpadvisor-kong-admin NodePort 10.96.1.117 <none>      8444:32364/TCP 3d21h

   In this example, the Kong admin cluster IP address is 10.96.1.117.
3. Retrieve the certificate ID registered with the Kong pod. Enter:

   curl -k https://<Kong-admin-cluster-IP-address>:8444/certificates

   For example:

    [root@sc-ucpa-master-152 Certificate]# curl -k https://10.96.3.80:8444/certificates
   ....
   ....
   {"data":[{"created_at":1683068202,"snis":["58-79.sie.hds.com"],"id":"19aa437b-5c20-494b-90f0-4a43b2bbd6c7","key":"-----BEGIN RSA PRIVATE 
   .....
   .....

   In this example, the Kong pod's certificate ID is 19aa437b-5c20-494b-90f0-4a43b2bbd6c.
4. Delete all the certificates registered with the Kong pod. Enter:

   curl -k -X DELETE  https://<Kong-admin-cluster-IP-address>:8444/certificates/<certificate-ID>

5. Unregister the UCP Advisor plugin. See Unregistering a UCP Advisor plugin.
6. Register the UCP Advisor plugin. See Registering the UCP Advisor plugin.
7. In a new browser, log on to vCenter and verify that the vLCM UI lists the firmware bundle.