Error: Exception in invoking authentication handler [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired while accessing the VAMI page.
search cancel

Error: Exception in invoking authentication handler [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired while accessing the VAMI page.

book

Article ID: 410744

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • When trying to login to the vCenter appliance Management UI I get the banner: "Exception in invoking authentication handler [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:997)"
  • Checked the cert status using CLI , Machine SSL and STS Cert were expired.
    for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
  • We see 'no healthy upstream' when trying to access the vCenter UI
  • Checking the status of services shows many of them failing to start, such as vmware-sps, vmware-vpxd-svcs, etc.

Environment

  • VMware vCenter 8.x
  • VMware vCenter 9.x

Cause

  • One or more of the vCenter certificates have been expired.

Resolution

Utilize KB vCert - Scripted vCenter Expired Certificate Replacement to identify and replace the expired certificates.

  1. Use Option 1 to identify which certificates are expired
  2. Use Option 3 to manage the certificates
  3. Use the appropriate options from this menu based on the results of Option 1

 

Additional Information

Powered by Wolken Software