Certificate Status alarm is missing in vCenter Server 8.0 U3g or later

search cancel

Certificate Status alarm is missing in vCenter Server 8.0 U3g or later

book

Article ID: 412316

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

vCenter 8.0 Update 3g introduces 5 differentiated alarms for certificates expiration, replacing the current generic one, which does not provide details on the specific VECS repository. The new alarms identify the certificate that is about to expire and provide a link to a KB with remediation steps.

Environment

vCenter Server 8.0 U3g or later

Cause

This is by design. See the second point of What's New section in VMware vCenter 8.0 Update 3g Release Notes

The alarm "Certificate Status", which exists in vCenter Server 8.0 U3f or before, is replaced with following alarms:

Certificate(s) in VECS TRUSTED_ROOTS store has expired
Certificate(s) in VECS TRUSTED_ROOTS store is about to expire
Data-encipherment certificate in VECS has expired
Data-encipherment certificate in VECS is about to expire
MACHINE_SSL_CERT certificate in VECS has expired 
MACHINE_SSL_CERT certificate in VECS is about to expire
SMS certificate in VECS has expired 
SMS certificate in VECS is about to expire
Solution user certificate(s) in VECS has expired 
Solution user certificate(s) in VECS is about to expire

Note, the alarm names are upended with link to KB 385107 in GUI

Resolution

Use the vCert tool to confirm which Certificate is expired and replace/remove it:
https://knowledge.broadcom.com/external/article/385107/vcert-scripted-vcenter-expired-certific.html

Feedback

thumb_up Yes

thumb_down No