Replace SDDC Manager Certificate Manually | Recover from Expired SDDC Manager Certificates
search cancel

Replace SDDC Manager Certificate Manually | Recover from Expired SDDC Manager Certificates

book

Article ID: 314632

calendar_today

Updated On:

Products

VMware Cloud Foundation

Issue/Introduction

Replace the expired certificate to get the UI operational in order to be able to manage the environment again.

Environment

VMware Cloud Foundation 4.x

Cause

Not replacing SDDC Manager Certs before they expire in the VCF environment

Resolution

  1. Generate a signed certificate from the 3rd party CA manually.
  2. Using a file transfer utlility, like WinSCP, copy the new certificate to SDDC Manager.
  3. Backup and replace the private key (/etc/ssl/private/vcf_https.key) and the certificate (/etc/ssl/certs/vcf_https.crt)
  4. Make sure the permissions of the certificate and key files are as below
# ls -l /etc/ssl/certs/vcf_https.crt
  -rw-r--r-- 1 root root  /etc/ssl/certs/vcf_https.crt
# ls -l /etc/ssl/private/vcf_https.key
  -rw-r----- 1 root root  /etc/ssl/private/vcf_https.key

 

  1. Restart NGINX services:
nginx -t && systemctl reload nginx

 

  1. Add the certificate to the SDDC Manager truststore by following the steps in https://knowledge.broadcom.com/external/article/316056/how-to-adddelete-custom-ca-certificates.html



Powered by Wolken Software