Replace SDDC Manager Certificate Manually | Recover from Expired SDDC Manager Certificates

Article ID: 314632

Updated On:

Products

VMware Cloud Foundation

Issue/Introduction

Replace the expired SDDC Manager certificate to restore access to the UI so that the environment can be managed again.

Symptoms:
The SDDC Manager certificates have expired in the environment and the UI is no longer accessible.

Environment

VMware Cloud Foundation 4.x

Cause

The SDDC Manager certificates were not replaced before they expired in the VCF environment.

Resolution

  1. Generate a signed certificate from the 3rd party CA manually.
  2. Using a file transfer utility, like WinSCP, copy the new certificate to SDDC Manager.
  3. Back up and replace the private key (/etc/ssl/private/vcf_https.key) and the certificate (/etc/ssl/certs/vcf_https.crt).
  4. Make sure the permissions of the certificate and key files are as below:

     # ls -l /etc/ssl/certs/vcf_https.crt
     -rw-r--r-- 1 root root  /etc/ssl/certs/vcf_https.crt
     # ls -l /etc/ssl/private/vcf_https.key
     -rw-r----- 1 root root  /etc/ssl/private/vcf_https.key

  5. Restart NGINX services:

     nginx -t && systemctl reload nginx

  6. Add the certificate to the SDDC Manager truststore by following the steps in https://knowledge.broadcom.com/external/article/316056/how-to-adddelete-custom-ca-certificates.html
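
Steps 3 and 4 can be scripted so that the live files are touched only after the new pair is known to be usable. The following is an added example, not part of the original article or any VMware tooling; the function names and the CERT_DST/KEY_DST overrides are assumptions, and it assumes an unencrypted PEM key and a PEM certificate file whose first entry is the leaf certificate.

```shell
#!/bin/sh
# Added example: pre-flight checks and install for the SDDC Manager HTTPS pair.
# Destination paths are the ones on this page; the CERT_DST/KEY_DST overrides
# and all function names are assumptions made for this example.
CERT_DST="${CERT_DST:-/etc/ssl/certs/vcf_https.crt}"
KEY_DST="${KEY_DST:-/etc/ssl/private/vcf_https.key}"

# Succeeds only if the certificate is currently unexpired and its public key
# matches the private key. For a chain file, openssl reads the first entry.
verify_pair() (
    cert=$1; key=$2
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 || exit 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || exit 1
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || exit 1
    [ "$cert_pub" = "$key_pub" ]
)

# Prints the ten-character mode string that `ls -l` shows, e.g. -rw-r-----
mode_of() { ls -l "$1" | cut -c1-10; }

# Backs up the current files, then installs the new pair with the modes the
# article lists (crt 0644, key 0640). Ownership is set only when run as root.
install_pair() (
    cert=$1; key=$2; stamp=$(date +%Y%m%d%H%M%S)
    for f in "$CERT_DST" "$KEY_DST"; do
        if [ -f "$f" ]; then cp -p "$f" "$f.bak.$stamp" || exit 1; fi
    done
    install -m 0644 "$cert" "$CERT_DST" || exit 1
    install -m 0640 "$key" "$KEY_DST" || exit 1
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$CERT_DST" "$KEY_DST" || exit 1
    fi
    [ "$(mode_of "$CERT_DST")" = "-rw-r--r--" ] &&
        [ "$(mode_of "$KEY_DST")" = "-rw-r-----" ]
)

# Refuses to touch the live files unless the new pair passes verification.
replace_cert() {
    verify_pair "$1" "$2" || {
        echo "certificate/key check failed; nothing changed" >&2
        return 1
    }
    install_pair "$1" "$2"
}

# Usage: sh replace_vcf_cert.sh /path/to/new.crt /path/to/new.key
if [ "$#" -eq 2 ]; then replace_cert "$1" "$2"; fi
```

After a successful run, continue with the NGINX and truststore steps above.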