KMS Certificate Server Status Alert
search cancel

KMS Certificate Server Status Alert

book

Article ID: 401236

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • The "KMS Server Certificate Status" alert is triggered when using an external key provider.
  • Checking the Key management servers' certificates (vCenter -> Configure -> Key Provider -> Click on the standard key provider), none show as expiring or expired.
  • The /var/log/vmware/vpxd/vpxd.log file shows the following entries:

2025-05-29T18:20:35.568Z warning vpxd[#######] [Originator@6876 sub=CryptoManager opID=<opID>] Certificate [Subject: serialNumber=<SerialNumber>,CN=<CN> CA,OU=<OU>,O=<O>,C=CA] expires on 2025-06-24 15:04:43.000

2025-05-29T18:20:35.568Z warning vpxd[#######] [Originator@6876 sub=CryptoManager opID=<opID>] KMS Server certificate expires on 2025-06-24 15:04:43.000will generate an alarm

Environment

VMware vCenter Server 7.0.x
VMware vCenter Server 8.0.x

Cause

An external KMS certificate will expire or has expired. 

Resolution

Please reach out to the external KMS vendor for assistance with renewing or replacing the expiring or expired KMS certificate.

Powered by Wolken Software