Certificate replacement triggered via SDDC Manager takes 24hs to complete

search cancel

Certificate replacement triggered via SDDC Manager takes 24hs to complete

book

Article ID: 409511

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

Certificates within an SDDC environment take around 24hrs to complete the replacement task. There is no error message, the process simply runs for hours until it finally completes.

Environment

4.4.x
4.5.x
5.0.x
5.2.x

Cause

This is an issue where validation is not able to handle corner case exceptions. The workflow is not supposed to fail for SocketTimeoutException but to dump a warning in logs and proceed. Somehow this case is not handled.

Resolution

1. Take a snapshot of the SDDC Manager VM.
2. Run the below commands to skip the validation:

touch /home/vcf/feature.properties

echo 'feature.vcf.operationsmanager.certificatemanagement.vsecurity_certificate_validation=false' >> /home/vcf/feature.properties

chmod a+r /home/vcf/feature.properties

systemctl restart operationsmanager

3. Trigger cert replacement workflow.

Feedback

thumb_up Yes

thumb_down No