When adding an ESXi host to a cluster, you might see this error:
A general system error occurred: Unable to get signed certificate for host <your host>. Error: Start Time Error (70034).
You are more likely to see this in a lab environment, but it can also happen in production if you have just generated the certificate that replaces the VMware Certificate Authority (VMCA) root certificate in order to make VMCA an intermediate authority within your lab/organisation. I like to do that as pretty much the first thing after installation, before adding any ESXi hosts, so that all compliant services get their certificates from the VMCA from that point forward.
However, according to this article, VMCA pre-dates ESXi certificates by 24 hours when hosts are added to the environment, to avoid time-synchronisation issues. If you’ve just generated VMCA’s own certificate, its start time may be later than the start time of the ESXi certificates it generates, hence the error. The suggested fix is to either wait 24 hours or add the hosts before replacing VMCA’s root certificate. If I have the choice, I prefer taking the first route, as avoiding manual handling of certificates going forward is the whole point here.
Once it’s left for 24 hours, adding hosts works fine without any problems.
Hope this helps!
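To see how long you need to wait, the timing rule above can be checked against the VMCA certificate's start time. This is an added example, not code from the post or from VMware: the function names are hypothetical, the failure condition (pre-dated host start time earlier than the VMCA certificate's start time) is an assumed model of the behaviour described, the input line is what `openssl x509 -noout -startdate` prints, and the sample values are constructed.

```python
import ssl
from datetime import datetime, timedelta, timezone
from typing import NamedTuple

# 24 hours, the pre-dating window the post describes.
DEFAULT_PREDATE_MINUTES = 24 * 60


class Verdict(NamedTuple):
    ok: bool                    # True if the host certificate can be signed now
    host_not_before: datetime   # start time the host certificate would get
    ca_not_before: datetime     # start time of the VMCA signing certificate
    wait: timedelta             # how long to wait before adding hosts


def parse_startdate(line: str) -> datetime:
    """Parse the output of `openssl x509 -noout -startdate`,
    e.g. 'notBefore=Jun  1 12:00:00 2024 GMT'."""
    value = line.strip().split("=", 1)[-1]
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def check_host_add(ca_startdate: str, now: datetime,
                   predate_minutes: int = DEFAULT_PREDATE_MINUTES) -> Verdict:
    """Assumed model: signing fails when the pre-dated host start time
    falls before the VMCA certificate's own start time."""
    ca_nb = parse_startdate(ca_startdate)
    host_nb = now - timedelta(minutes=predate_minutes)
    ok = host_nb >= ca_nb
    wait = timedelta(0) if ok else ca_nb - host_nb
    return Verdict(ok, host_nb, ca_nb, wait)


if __name__ == "__main__":
    # Constructed sample: VMCA certificate issued two hours ago.
    ca_line = "notBefore=Jun  1 12:00:00 2024 GMT"
    now = datetime(2024, 6, 1, 14, 0, tzinfo=timezone.utc)
    for minutes in (DEFAULT_PREDATE_MINUTES, 5):
        v = check_host_add(ca_line, now, minutes)
        print(f"predate={minutes:>4} min  ok={v.ok}  wait={v.wait}")
```

The `predate_minutes` argument corresponds to the `vpxd.certmgmt.certs.minutesBefore` setting mentioned further down the page.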
You can also reduce the predating duration by editing vCenter Advanced Setting vpxd.certmgmt.certs.minutesBefore to something appropriate for the lab, like 5 minutes.
Thank you Jeff and Ather for sharing. Works!