Error "Certificates have expired. Visit Domain Management page to take action" red banner displayed on VCF 5.2 SDDC Manager UI
search cancel

Error "Certificates have expired. Visit Domain Management page to take action" red banner displayed on VCF 5.2 SDDC Manager UI

book

Article ID: 397531

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

  • The SDDC Manager UI shows shows expired certificates red banner even though none of the certificates are expired.



  • This issue is observed after the removal of VRSLCM from the SDDC Manager.

  • SDDC Workload Domains shows the Error message "<Workload Domain Name> has <Number of certs> expired certificate"

Environment

VCF 5.x

 

Cause

After removing VRSLCM from SDDC Manager the associated certificates are is still found in the sddc manager database.


Resolution

The below steps will remove the expired certificates from the SDDC manager database:

  1. Take a snapshot of SDDC Manager VM

  2. Connect to operationsmanager DB in SDDC Manager

    • For SDDC 5.1.x: 

      /usr/pgsql/13/bin/psql -h localhost -U postgres -d operationsmanager

    • For all other versions: 

      psql -h localhost -U postgres -d operationsmanager

  3. Check the expiry_date column in certificatemanagement.certificate_chain_expiry table

    • select * from certificatemanagement.certificate_chain_expiry;

      or

    • select * from certificatemanagement.certificate_chain_expiry where expiry_date::text like '2025%';

  4. Identify the expired certificates

  5. As the components did not exist we can remove that from certificatemanagement.certificate_chain_expiry table as follows

    • delete from certificatemanagement.certificate_chain_expiry where id=<>;

      or

    • delete from certificatemanagement.certificate_chain_expiry where expiry_date::text like '2025%';

  6. Reload the UI by using the refresh button in browser
Powered by Wolken Software