The purpose of this article is to rotate the certificate authority so that the certificates generated are valid.
The Certificate Authority used for signing certificates in LCM is expired after two years of installation.
Recommend to implement the workaround for now.
curl --insecure -X PATCH https://vRSLCMFQDN/lcm/locker/api/certificates/ca -H "Authorization: Basic Base64 encoded username:password"
Note: The authorization header should have the base64 encoded value of username and password in the format, username:password. For example, if the username is admin@local and password is vmware then the value should be base64 encoded of admin@local:vmware.
Note: When using base64 on the vRSLCM appliance, run the following command to ensure the echo \n is not processed in the encoding by base64 by running the following command
echo -n 'admin@local:vmware' | base64
Full example of command using sample credentials above would be:
curl --insecure -X PATCH https://vRSLCMFQDN/lcm/locker/api/certificates/ca -H "Authorization: Basic YWRtaW5AbG9jYWw6dm13YXJl"