vCenter UI Stuck/Inaccessible due to Expired Certificates
search cancel

vCenter UI Stuck/Inaccessible due to Expired Certificates

book

Article ID: 418639

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • When attempting to launch the vCenter UI (vSphere Client), the interface gets stuck on loading and is unable to authenticate the necessary certificates, thereby blocking the user login process.

  • Sample certificate validity status

root@vcenter[ ~ ]# for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; sudo /usr/lib/vmware-vmafd/bin/vecs-cli entry list -- store $i -- text | egrep "Alias |Not After"; done
STORE MACHINE SSL CERT
MACHINE CERT
Not After : MM DD HH:MM:SS YYYY GMT
Not After : MM DD HH:MM:SS YYYY GMT
STORE TRUSTED_ROOTS
Alias : Alias1

STORE machine
Alias : machine
Not After : Nov 17 17:21:23 2025 GMT  ->> Certificate Expired
STORE vsphere-webclient
Alias : vsphere-webclient
Not After : Nov 17 17:21:24 2025 GMT

Alias : vpxd
Not After : Nov 17 17:21:25 2025 GMT
STORE vpxd-extens ion
Alias : vpxd-extension
Not After : Nov 17 17:21:25 2025 GMT

  • The attempted restart of vCenter services failed, leaving most services in a down state, as detailed below.

 

Environment

  • vCenter 8.x

Cause

  •  The underlying cause is the expiration of one or more internal solution and machine certificates (e.g., machine, vsphere-webclient, vpxd, etc.) utilized by the vCenter Server Appliance (VCSA).

Resolution

Utilize the vCert utility to replace the expired certificates, then restart all vCenter services

Additional Information

If custom-provided certificates are causing the vCenter UI login failure, replace them temporarily with the default VCSA certificates to regain access to vCenter. Afterward, re-import and apply the valid customer certificates.

Replace vCenter Machine SSL certificate Custom Certificate Authority Signed Certificate

Powered by Wolken Software