Replacing an ESX host certificate through VCF operations triggers the alert in a vCenter

Article ID: 417983

Products

VMware SDDC Manager

Issue/Introduction

Replacing an ESX host certificate through VCF operations causes vCenter's vpxd.certmgmt.mode to switch to custom even if the certificate is replaced by VMCA, and subsequently triggers an alert in vCenter.
The alert is "When ESXi Certificate Mode is set to custom it is mandatory to add the custom CA certificates to vCenter trusted root store before updating the host certificates".

Environment

VMware Cloud Foundation 9.0.x
VCF Operations 9.0.x
vCenter 9.0.x

Cause

This is expected behavior. vCenter will not allow changing ESX certificates without switching the vpxd.certmgmt.mode to custom.
The alarm is an out-of-the-box vCenter alert. vCenter 9.0.x has this alarm by default.


vCenter Alarm Definitions

Name: When ESXi Certificate Mode is set to custom it is mandatory to add the custom CA certificates to vCenter trusted root store before updating the host certificates
Description: Alarm to monitor changes in the certificate management mode of vCenter Server
Targets: vCenter Server
Alarm Rules: IF Host Certificate Management Mode changed THEN trigger the alarm as critical

Resolution

You can ignore this alert and execute Reset To Green from vSphere Client.