Certificate Status Alert for SMS store Certificates.



Article ID: 371774


Updated On: 04-24-2025

Products

VMware vCenter Server
VMware vCenter Server 7.0
VMware vCenter Server 8.0

Issue/Introduction

vCenter Server raises the certificate status alarm "VMware vSphere Profile-Driven Storage Service has a warning status".


Environment

VMware vCenter Server 8.0.x
VMware vCenter Server 7.0.x

Cause

This alert occurs when there are expired certificates in the SMS store.

The expired entries appear in the output of the following command:

  • for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;

 

Resolution

Note: Please ensure a snapshot of the vCenter Server is taken prior to performing the below steps. If the vCenter Servers are operating in Linked Mode, it is recommended to take offline snapshots without memory to avoid potential inconsistencies.

Delete the SMS certificate using the below steps:

  1. Command to check the Trusted root store
    for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not Before"; done;/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS --text | egrep 'Alias|Key Usage' -A 1 | grep -v "Entry type"
  2. Backup:
    /usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store SMS --alias alias_name 

  3. Delete:
    /usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store SMS --alias alias_name -y

    Example: /usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store sms --alias sms_self_signed -y

  4. Run the below command to refresh
    /usr/lib/vmware-vmafd/bin/vecs-cli force-refresh

Note: The alias name can also be in the form of a link such as 'https://fqdn:9080/version.xml' instead of an alphanumeric ID.
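
Added example (not part of the original article): a shell helper that reduces the `--text` listing used above to only the entries whose Not After date has passed, so the aliases to back up and delete can be read off directly, including aliases in the URL form. The sample listing, the host name in it and the function names are constructed for illustration; the field layout is assumed from the `Alias` and `Not After` labels the article's commands filter on.

```shell
#!/bin/sh
# Constructed sample of `vecs-cli entry list --store SMS --text` output,
# trimmed to the fields the article greps for (not captured from a real system).
sample_vecs_text() {
cat <<'EOF'
Alias : sms_self_signed
            Not Before: Mar  3 12:00:00 2015 GMT
            Not After : Mar  2 12:00:00 2025 GMT
Alias : https://vasa.example.test:9080/version.xml
            Not Before: Jan 15 08:30:00 2019 GMT
            Not After : Jan 15 08:30:00 2024 GMT
Alias : 0a1b2c3d4e5f
            Not Before: Jan  1 00:00:00 2021 GMT
            Not After : Dec 31 23:59:59 2030 GMT
EOF
}

# expired_aliases NOW   (reads --text output on stdin)
# NOW is UTC as YYYYMMDDHHMMSS. Prints "alias<TAB>Not After" per expired entry.
expired_aliases() {
    awk -v now="$1" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = i
    }
    /^Alias[ \t]*:/ {
        # Strip only the leading label so URL-style aliases keep their colons.
        alias = $0
        sub(/^Alias[ \t]*:[ \t]*/, "", alias)
        next
    }
    /Not After[ \t]*:/ {
        when = $0
        sub(/^.*Not After[ \t]*:[ \t]*/, "", when)
        # when looks like "Mar  2 12:00:00 2025 GMT"
        split(when, f, /[ \t]+/)
        split(f[3], t, ":")
        stamp = sprintf("%04d%02d%02d%02d%02d%02d", f[4], mon[f[1]], f[2], t[1], t[2], t[3])
        # Fixed-width digit strings compare correctly as text.
        if ((stamp "") < (now "")) printf "%s\t%s\n", alias, when
    }'
}

# Offline demo against the constructed sample, with a fixed reference time.
sample_vecs_text | expired_aliases 20250424000000
# On the appliance (assumed usage):
#   /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store SMS --text \
#     | expired_aliases "$(date -u +%Y%m%d%H%M%S)"
```

Each alias printed is a candidate for the backup and delete steps above; entries that are still valid are not listed and should be left in place.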