Update vCenter Certificate for TKG Cluster
search cancel

Update vCenter Certificate for TKG Cluster

book

Article ID: 345720

calendar_today

Updated On: 04-01-2025

Products

VMware Telco Cloud Automation VMware Telco Cloud Platform - 5G Edition

Issue/Introduction

  • All cluster, nodepool, and Network Function (NF) operations require a secure trust to vCenter via a vSphere certificate thumbprint. 

Environment

TCA 3.1

Cause

If a vCenter's certificate has been updated, the vCenter certificate and thumbprint must be updated to restore functionality

Resolution

  1. Re-Import the vCenter Certificate to TCA-M and TCA-CP
    1. Log in to the TCA Appliance Manager 
      <
      tca-m/tca-cp-ip>:9443.
    2. Click Certificate > Trusted CA Certificate > IMPORT.
    3. Select the trusted certificate type that you want to import and do one of the following:
      • Browse and select the file to import.
      • Type the URL of the certificate.
      • Paste the certificate file content.
    4. Click Apply.
  1. Update the vCenter thumbprint in the TKG Cluster(s).
    1. SSH into the TCA-CP that controls the management clusters using the admin credentials.
      ssh admin@<tca-cp-ip>
    2. Check connectivity to retrieve the update-vc-tp script.
      curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/kb/vc-updater/tca3.0/update-vc-tp.sh | bash -s -- -h
      NOTE: For airgap environments, users should download the script to another location first, then copy it to the TCA-CP.
    3. Run the script with the vCenter IP
      curl -kfsSL https://vmwaresaas.jfrog.io/artifactory/generic-registry/kb/vc-updater/tca3.0/update-vc-tp.sh | bash -s -- -d <vCenter-ip>
    4. Navigate to Connected Endpoints, find the corresponding vCenter, and confirm the status of the vCenter has been modified.
      1. Please click and dismiss the message to acknowledge the vCenter certificate change. 
  1.  

Additional Information