Certificate Status Alert for SMS store Certificates.

Article ID: 371774

Products

VMware vCenter Server
VMware vCenter Server 7.0
VMware vCenter Server 8.0

Issue/Introduction

vCenter raises a certificate status alarm.

Environment

VMware vCenter Server 8.0.x
VMware vCenter Server 7.0.x

Cause

This alert occurs when there are expired certificates in the SMS store.

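The expired certificates can be identified in the output of the following command, which lists the alias and expiry date (Not After) of every entry in each store except TRUSTED_ROOT_CRLS: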

  • for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;

 

Resolution

Run the below commands to delete the expired SMS store certificates.

Command to check the trusted root store:

for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not Before"; done;/usr/lib/vmware-vmafd/bin/vecs-cli entry list --store TRUSTED_ROOTS --text | egrep 'Alias|Key Usage' -A 1 | grep -v "Entry type"

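Backup (replace alias_name with the alias of the expired entry; redirect the output to a file to keep a copy):
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store SMS --alias alias_name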

Delete:
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete --store SMS --alias alias_name -y

Run the below command to refresh:
/usr/lib/vmware-vmafd/bin/vecs-cli force-refresh

Note: Take a valid vCenter snapshot before proceeding.

Also, the alias name can take the form of a link such as 'https://fqdn:9080/version.xml' instead of an alphanumeric ID.
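
Added example (not part of the original article): a shell filter that reads `vecs-cli entry list --text` output and prints only the aliases whose Not After date has passed, so the entries to back up and delete can be confirmed before running the delete command. It assumes the `Alias :` and `Not After :` line shapes that the article's grep patterns target; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: list aliases whose "Not After" date is in the past.
# Reads `vecs-cli entry list --store <store> --text` output on stdin.
# $1 (optional) is the reference time as UTC YYYYMMDDhhmmss; default is now.
expired_aliases() {
    now="${1:-$(date -u +%Y%m%d%H%M%S)}"
    awk -v now="$now" '
        BEGIN {
            n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
            for (i = 1; i <= n; i++) month[name[i]] = i
        }
        # "Alias :<tab>value": strip only up to the first colon, because the
        # alias itself may be a URL such as https://fqdn:9080/version.xml.
        /^[ \t]*Alias[ \t]*:/ {
            alias = $0
            sub(/^[^:]*:[ \t]*/, "", alias)
            sub(/[ \t\r]+$/, "", alias)
            next
        }
        # "Not After : Jan  5 10:00:00 2023 GMT" (openssl text format, GMT).
        /Not After[ \t]*:/ {
            line = $0
            sub(/^.*Not After[ \t]*:[ \t]*/, "", line)
            split(line, f, " "); split(f[3], t, ":")
            if (!(f[1] in month) || alias == "") next   # skip unparsable dates
            key = sprintf("%04d%02d%02d%02d%02d%02d", f[4], month[f[1]], f[2], t[1], t[2], t[3])
            if ((key "") < (now "")) print alias "\t" line
            alias = ""
        }
    '
}

# Constructed sample in the shape of vecs-cli --text output (not real data).
sample_listing() {
    printf 'Number of entries in store :\t3\n'
    printf 'Alias :\tsms_self_signed\n'
    printf '            Not Before: Jan  1 00:00:00 2020 GMT\n'
    printf '            Not After : Jan  5 10:00:00 2023 GMT\n'
    printf 'Alias :\thttps://fqdn:9080/version.xml\n'
    printf '            Not After : Mar 15 08:30:00 2024 GMT\n'
    printf 'Alias :\t0123abcd-constructed\n'
    printf '            Not After : Dec 31 23:59:59 2031 GMT\n'
}

# Live use on the appliance (command taken from the page):
#   /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store SMS --text | expired_aliases
sample_listing | expired_aliases 20250101000000
```

Each output line is the alias, a tab, and the expiry date, so an alias in URL form is printed whole and can be passed unchanged to `--alias`.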