Configuring two or more PSC 6.5 nodes behind a Load Balancer can be done to provide High Availability to the PSC services.
This can be useful to have a central PSC HA pair and have multiple vCenter Servers registered against the PSC HA pair for enhanced linked mode.
It would also be required if using vCenter HA with an external PSC, otherwise you’re only providing HA to half the vCenter Server instance.
I hope this guide helps perform the setup with ease and clarity.
have you tried reinstalling? 
Running through this page “PSC HA 6.5: 5b – Validate PSC HA 6.5”.
All goes well until I try to verify the cs.license SSL Trust.
The output from validation command returns the following, “root@vrpcad1vdippsc1 [ ~ ]# echo “—–BEGIN CERTIFICATE—–” >> /tmp/cs.license_endpoint.crt; echo | python /usr/lib/vmidentity/tools/scripts/lstool.py list –url http://localhost:7080/lookupservice/sdk –site vdi-a –type cs.license 2> /dev/null | grep “SSL trust” | uniq | awk ‘{ print $3 }’ >> /tmp/cs.license_endpoint.crt; echo “—–END CERTIFICATE—–” >> /tmp/cs.license_endpoint.crt; openssl x509 -in /tmp/cs.license_endpoint.crt -noout -text; rm /tmp/cs.license_endpoint.crt
unable to load certificate
139945415829144:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:824:”
LikeLike
Hello there,
I am wondering if it would be possible to help me with my deployment in regards to my previous comment?
LikeLike
Hi – I was on vacation and keep in mind this blog is a hobby, not a replacement from VMware Support.
Based on “[500] SSO error: Could not parse certificate: java.io.IOException: java.lang.IllegalArgumentException: Input byte array has incorrect ending byte at 2628” one guess is that your are placing the VMCA with a certificate greater than 2048 bit key length? I’ve heard reports that 4096 and greater are causing issues.
I’d advise opening a support request with VMware Support for more analysis.
Thanks.
LikeLike
@tradsd224 I hit this issue last night. Opened a support request and confirm an issue.
I was able to workaround issue by installing the PSCs with 6.5 GA – doing the setup with the SSL and HA config. Then upgraded the PSC appliance to 6.5D (rebooted the PSCs after the upgrade) and was able to install vCenter 6.5D against the VIP address.
I had the same verification problem in the ‘cs.license SSL Trust’ but using an older build as a workaround worked.
Open an SR to get the official response from GSS support about the issue.
LikeLike
Discovered there’s a bug in the 6.5.0d PSC HA scripts. Should be fixed in the next patch. If you grab the updateLSEndpoint.py from an earlier build of the PSC you can use that on 6.5.0d
LikeLike
Thanks for the update. Looks like its still an issue in release 6.5.0.e.
Will try using the GA file.
LikeLike
Yup. Should be fixed in the first major update to vSphere 6.5 (i.e. 6.5 U1) Not too far away
LikeLike