"Renew" button for MACHINE_SSL cert disappears
book
Article ID: 314329
calendar_today
Updated On:
Products
VMware vCenter Server
Issue/Introduction
Symptoms:
"Renew" button for MACHINE_SSL cert disappears after updating the cert with certificate-manager utility.
vSpehre Client -> Administration -> Certificates -> Certificate Management -> Machine SSL Certificate -> ACTIONS -> Renew
Environment
VMware vCenter Server 7.0.1
VMware vCenter Server 7.0.0
Resolution
VCSA 7.0/7.0 U1 checks if VMCA value is CA.
VCSA 7.0 U2 has the fix for this and VMCA should be VCSA's FQDN.
Workaround:
Run certificate-manager utility with option 3 to update MACHINE_SSL cert.
VMCA Name should be CA (not FQDN) to take care of this.
Example:
Enter proper value for VMCA 'Name' : CA
Expected values:
# /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text | grep Issuer:
Issuer: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=VMware, OU=VMware Engineering
Feedback
thumb_up
Yes
thumb_down
No