Expired SAML Certificate Email Alerts are received

Article ID: 376068

Updated On:

Products

VMware Cloud Director

Issue/Introduction

  • Expired certificate email alerts are received by Cloud Director users.
  • You observe a message similar to the following:

    "Your certificate library item SAML Encryption-2023-06-27-14-54-24 (id: xxxx.xxxx.xxxxx.xxx, description: SAML encryption certificate and key) expired X day(s) ago".

Environment

VMware Cloud Director 10.6

Cause

This happens when an expired SAML SSL certificate is stored in the Tenant's Certificate Library (Administration > Certificate Management > Certificate Library).

Resolution

To resolve this issue:

  1. In the Provider UI, select the Organization that has the expired SAML certificate and click the link to open the Tenant UI.
  2. In the Tenant UI for the Organization, navigate to 'Administration -> Certificates Library'.
  3. In the Certificate Library, locate the expired certificate (it should have a value of '0' for Consumers) and remove it.

Note: If Consumers shows a value of '1' for the expired certificate, renew the certificate first. Use the Cloud Director API POST /admin/org/{id}/settings/federation/action/regenerateFederationCertificate to regenerate a federation certificate for the Tenant. Details of this API method are available in the VMware Cloud Director API documentation.

Note: To reduce the frequency of reminder emails, use the manage-config option of the cell-management-tool to set the following value:

  • Name: notifyExpiringCertificateLibraryEntriesJob.repeat.interval.days
  • Value: <Number of days between reminder email>
  • Default Value: 1
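
When many tenants generate daily reminders, it helps to collapse them into one entry per certificate before working through the Resolution steps. The following Python is an added example, not part of the original article or of VMware tooling: the regular expression is modelled on the alert text quoted above (real alerts may be worded differently), and the sample alerts and ids are constructed.

```python
import re

# Pattern modelled on the alert text quoted in this article; the exact
# wording of real alerts is an assumption.
ALERT_RE = re.compile(
    r"certificate library item (?P<name>.+?) "
    r"\(id: (?P<id>[^,]+), description: (?P<desc>.*?)\) "
    r"expired (?P<days>\d+) day\(s\) ago"
)

# Constructed sample alerts (placeholder ids), including a repeated reminder.
_T = ("Your certificate library item {} (id: {}, description: SAML "
      "encryption certificate and key) expired {} day(s) ago")
SAMPLE_ALERTS = [
    _T.format("SAML Encryption-2023-06-27-14-54-24", "placeholder-id-1", 3),
    _T.format("SAML Encryption-2023-06-27-14-54-24", "placeholder-id-1", 4),
    _T.format("SAML Encryption-example", "placeholder-id-2", 30),
    "Unrelated message",
]


def parse_alert(text):
    """Return name, id, desc and days expired, or None if the text is not an alert."""
    m = ALERT_RE.search(text)
    if m is None:
        return None
    rec = m.groupdict()
    rec["days"] = int(rec["days"])
    return rec


def build_worklist(alerts):
    """Keep the most recent reminder per certificate id, longest-expired first."""
    latest = {}
    for text in alerts:
        rec = parse_alert(text)
        if rec and rec["days"] >= latest.get(rec["id"], rec)["days"]:
            latest[rec["id"]] = rec
    return sorted(latest.values(), key=lambda r: -r["days"])


def remediation(consumers):
    """Map the Consumers value shown in the library to the article's action."""
    if consumers < 0:
        raise ValueError("Consumers cannot be negative")
    if consumers == 0:
        return "remove the expired certificate from the library"
    return "regenerate the federation certificate first"
```

The Consumers value is not part of the alert text, so it has to be read from the Certificates Library in the Tenant UI and passed to `remediation()` by hand.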

Additional Information

If you encounter issues removing the certificate via the UI, see "Unable to delete expired ui certificate in Certificate Library in VMware Cloud Director Provider portal".

In instances where you have removed the certificate from the UI but you still receive emails, see "Email notification for not existing expired certificates in certificate library".