Delete STS certificate from vmdird Database using CLI



Article ID: 373613


Products

VMware vCenter Server

Issue/Introduction

Unable to remove the STS certificate using the JXplorer tool.


Environment

vCenter 6.x, vCenter 7.x, vCenter 8.x. 

Resolution

To delete the STS certificate from the command line, remove the same two objects from the vmdird database that you would delete in JXplorer, using the likewise LDAP tools on the vCenter Server Appliance. Before deleting anything, take a snapshot of the vCenter Server and keep the LDIF exports below as a backup: vmdird replicates to every vCenter in the same SSO domain, so the deletion propagates to all of them. The commands bind as administrator@vsphere.local; replace 'VMware123!' with that account's password. Passing the password with -w puts it in the shell history and in the process list, so clear the history afterwards.

The first object is the tenant credential:

cn=TenantCredential-1,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local

1. Export the object to LDIF (this is the backup)
/opt/likewise/bin/ldapsearch -h localhost -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -w 'VMware123!' -b "cn=TenantCredential-1,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local" > /storage/core/tenantcredential.ldif

2. Confirm the object exists (the search should return one vmwSTSTenantCredential entry; check the exported file is not empty)
/opt/likewise/bin/ldapsearch -h localhost -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -w 'VMware123!' -b "cn=TenantCredential-1,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local" -s sub "objectclass=vmwSTSTenantCredential"

3. Delete the object
/opt/likewise/bin/ldapdelete -h localhost -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -w 'VMware123!' "cn=TenantCredential-1,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local"

The second object is the TrustedCertificateChains container. The certificate chain entries live beneath it as TrustedCertChain-N, and those child entries are what is deleted:

cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local

List the entries under TrustedCertificateChains. With the filter objectclass=container the search returns the container entry itself; to enumerate the TrustedCertChain-N children, run the same search with -s one and the filter "(objectClass=*)".
/opt/likewise/bin/ldapsearch -h localhost -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -w 'VMware123!' -b "cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local" -s sub "objectclass=container"

Example output from the lab
/opt/likewise/bin/ldapsearch -h localhost -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -w 'VMware123!' -b "cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local" -s sub "objectclass=container"

# extended LDIF
#
# LDAPv3
# base <cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local> with scope subtree
# filter: objectclass=container
# requesting: ALL
#

# TrustedCertificateChains, vsphere.local, Tenants, IdentityManager, Services
 , vsphere.local
dn: cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenants,cn=IdentityManager
 ,cn=Services,dc=vsphere,dc=local
nTSecurityDescriptor:: AQAHhBQAAAA0AAAAAAAAAFQAAAABBgAAAAAABxUAAACAPXxdhG/Mkca
 FQlchKZq+9AEAAAEGAAAAAAAHFQAAAIA9fF2Eb8yRxoVCVyEpmr4gAgAAAgDAAAUAAAAAExgAMAAA
 AAECAAAAAAAHIAAAAJoCAAAAEygAMwAGAAEGAAAAAAAHFQAAAIA9fF2Eb8yRxoVCVyEpmr4DAgAAA
 BMoADMABiABBgAAAAAABxUAAACAPXxdhG/MkcaFQlchKZq+AAIAAAATKAAzAAYgAQYAAAAAAAcVAA
 AAgD18XYRvzJHGhUJXISmaviACAAAAEygAMwAGIAEGAAAAAAAHFQAAAIA9fF2Eb8yRxoVCVyEpmr7
 0AQAA
cn: TrustedCertificateChains
objectClass: top
objectClass: container

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1     <---- one entry in the lab: the container entry itself, not its TrustedCertChain-N children



Export the whole subtree to LDIF (this is the backup; it also shows which TrustedCertChain-N entries exist)
/opt/likewise/bin/ldapsearch -h localhost -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -w 'VMware123!' -b "cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local" > /storage/core/TrustedCertificateChains.ldif

Delete the TrustedCertChain-N child entries listed in the export. The lab has two; adjust the numbers to match what your search returned.

For TrustedCertChain-1
/opt/likewise/bin/ldapdelete -h localhost -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -w 'VMware123!' "cn=TrustedCertChain-1,cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local"

For TrustedCertChain-2
/opt/likewise/bin/ldapdelete -h localhost -D "cn=Administrator,cn=Users,dc=vsphere,dc=local" -w 'VMware123!' "cn=TrustedCertChain-2,cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local"
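The whole procedure above, wrapped with the checks a practitioner would want before running ldapdelete against vmdird: each subtree is exported to LDIF and the export must contain at least one entry before anything is deleted, the TrustedCertChain-N children are taken from the export rather than assumed to be numbered 1 and 2, and a DN is only deleted if that exact DN appears in the backup file. This is an added example, not code from the article or from VMware. It assumes it runs on the vCenter Server Appliance as root with the administrator@vsphere.local password in the SSO_PASS environment variable; the DNs, tool paths and backup locations are the article's, and SAMPLE_LDIF is a constructed ldapsearch dump used only by the dry-run function.

```bash
#!/bin/bash
# Added example, not part of the KB article. Assumptions: runs on the vCenter
# Server Appliance as root; SSO_PASS holds the administrator@vsphere.local
# password; backups are written to /storage/core as in the article.
set -u

LDAP=/opt/likewise/bin
BIND_DN='cn=Administrator,cn=Users,dc=vsphere,dc=local'
TENANT_BASE='cn=vsphere.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vsphere,dc=local'
BACKUP_DIR=/storage/core

# DNs of the two objects the article works on.
tenant_credential_dn() { printf 'cn=TenantCredential-%s,%s' "$1" "$TENANT_BASE"; }
chains_base_dn() { printf 'cn=TrustedCertificateChains,%s' "$TENANT_BASE"; }

# Print the DN of every entry in LDIF read from stdin. ldapsearch folds long
# lines with a leading space (see the example output above), so continuation
# lines are joined back onto the previous line before "dn: " is matched.
ldif_dns() {
  awk '/^ / { buf = buf substr($0, 2); next }
       { if (buf != "") print buf; buf = $0 }
       END { if (buf != "") print buf }' | sed -n 's/^dn: //p'
}

# Number of entries in an LDIF file (used to verify an export before deleting).
ldif_entry_count() { ldif_dns < "$1" | wc -l | tr -d ' '; }

# From an LDIF dump of the TrustedCertificateChains subtree on stdin, print only
# the child entries (TrustedCertChain-N), never the container itself.
chain_child_dns() {
  local base
  base=$(chains_base_dn)
  ldif_dns | grep -F -x -v -- "$base" | grep -F -- ",$base" || true
}

# Export a subtree to LDIF and print how many entries it contained. 0 means the
# DN is wrong or the bind failed, and nothing should be deleted.
export_subtree() {   # $1 = base DN, $2 = output file
  "$LDAP/ldapsearch" -h localhost -D "$BIND_DN" -w "$SSO_PASS" \
    -b "$1" -s sub '(objectClass=*)' > "$2"
  ldif_entry_count "$2"
}

# Delete one DN, but only if that exact DN is present in the backup LDIF, so a
# typo in the DN cannot remove something that was never exported.
delete_dn() {   # $1 = DN to delete, $2 = backup LDIF file
  if ! ldif_dns < "$2" | grep -F -x -q -- "$1"; then
    echo "refusing to delete $1: not present in backup $2" >&2
    return 1
  fi
  "$LDAP/ldapdelete" -h localhost -D "$BIND_DN" -w "$SSO_PASS" "$1"
}

# The full procedure: back up both subtrees, then delete TenantCredential-1 and
# every TrustedCertChain-N child the export actually lists.
delete_sts_objects() {
  local cred chains n dn
  cred=$(tenant_credential_dn 1)
  chains=$(chains_base_dn)
  n=$(export_subtree "$cred" "$BACKUP_DIR/tenantcredential.ldif")
  [ "$n" -ge 1 ] || { echo "no entries exported for $cred" >&2; return 1; }
  n=$(export_subtree "$chains" "$BACKUP_DIR/TrustedCertificateChains.ldif")
  [ "$n" -ge 1 ] || { echo "no entries exported for $chains" >&2; return 1; }
  delete_dn "$cred" "$BACKUP_DIR/tenantcredential.ldif" || return 1
  chain_child_dns < "$BACKUP_DIR/TrustedCertificateChains.ldif" |
    while IFS= read -r dn; do
      delete_dn "$dn" "$BACKUP_DIR/TrustedCertificateChains.ldif" || exit 1
    done
}

# Constructed sample of what ldapsearch prints for the chains subtree (folded
# lines included); used by the dry run below, not captured from a real system.
SAMPLE_LDIF='# extended LDIF
dn: cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenants,cn=IdentityManager
 ,cn=Services,dc=vsphere,dc=local
cn: TrustedCertificateChains
objectClass: container

dn: cn=TrustedCertChain-1,cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenan
 ts,cn=IdentityManager,cn=Services,dc=vsphere,dc=local
cn: TrustedCertChain-1

dn: cn=TrustedCertChain-3,cn=TrustedCertificateChains,cn=vsphere.local,cn=Tenan
 ts,cn=IdentityManager,cn=Services,dc=vsphere,dc=local
cn: TrustedCertChain-3

# search result
result: 0 Success'

# Dry run: show which child DNs would be deleted for the sample, without
# contacting vmdird.
demo_child_dns() { printf '%s\n' "$SAMPLE_LDIF" | chain_child_dns; }
```

Source the file with SSO_PASS exported, run demo_child_dns first to see the parsing on the constructed sample, then run delete_sts_objects to perform the deletion. The sample deliberately numbers its chains 1 and 3 to show why the children are read from the export instead of being hard-coded.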