"Renew" button for MACHINE_SSL cert disappears
search cancel

"Renew" button for MACHINE_SSL cert disappears

book

Article ID: 314329

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
"Renew" button for MACHINE_SSL cert disappears after updating the cert with certificate-manager utility.

vSpehre Client -> Administration -> Certificates -> Certificate Management -> Machine SSL Certificate -> ACTIONS -> Renew

Environment

VMware vCenter Server 7.0.1
VMware vCenter Server 7.0.0

Resolution

VCSA 7.0/7.0 U1 checks if VMCA value is CA.
VCSA 7.0 U2 has the fix for this and VMCA should be VCSA's FQDN.

Workaround:
Run certificate-manager utility with option 3 to update MACHINE_SSL cert.
VMCA Name should be CA (not FQDN) to take care of this.

Example:
Enter proper value for VMCA 'Name' : CA

Expected values:
# /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store MACHINE_SSL_CERT --text | grep Issuer:
        Issuer: CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=VMware, OU=VMware Engineering