vCert.py script to update all vCenter certificates completed successfully, but cert expiration dates did not update


Article ID: 420343


Updated On:

Products

VMware vCenter Server

Issue/Introduction

The vCert.py script from KB 385107 was run successfully to replace all certificates. However, the expiration dates of the certificates did not change.

Environment

vCenter 8.x

Cause

A certificate's validity period cannot exceed that of the certificate authority (CA) that issued it. Specifically, the VMCA cannot sign certificates with a longer lifetime than its own, so certificates regenerated from the existing VMCA certificate cannot receive an expiration date later than the VMCA certificate's. Once the root CA's validity expires, it loses the trust required to sign new certificates, and any certificates it previously signed may consequently become untrustworthy.
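
One way to confirm this condition, as an added example (not VMware's or vCert's own code): it reads `notAfter=` lines as printed by `openssl x509 -noout -enddate` for the VMCA certificate and for each reissued certificate, and reports which certificates sit at the VMCA's expiry ceiling. The sample lines, the labels and the one-day slack are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

OPENSSL_FMT = "%b %d %H:%M:%S %Y %Z"  # e.g. "Mar  5 12:00:00 2026 GMT"

def parse_enddate(line):
    """Parse one 'notAfter=...' line from `openssl x509 -noout -enddate`."""
    key, _, value = line.strip().partition("=")
    if key != "notAfter":
        raise ValueError(f"not an -enddate line: {line!r}")
    # openssl pads single-digit days with an extra space; collapse it first
    stamp = datetime.strptime(" ".join(value.split()), OPENSSL_FMT)
    return stamp.replace(tzinfo=timezone.utc)

def diagnose(ca_line, leaf_lines, now, slack=timedelta(days=1)):
    """Sort leaf certificates by whether their expiry is pinned to the CA's.

    slack is an assumed tolerance for "ends at the same time as the CA".
    """
    ca_end = parse_enddate(ca_line)
    report = {"ca_expired": ca_end <= now,
              "ca_days_left": (ca_end - now).days,
              "capped": [], "independent": []}
    for label, line in leaf_lines.items():
        leaf_end = parse_enddate(line)
        # A leaf ending at the CA's notAfter cannot be extended by
        # reissuing it from the same CA certificate.
        bucket = "capped" if leaf_end >= ca_end - slack else "independent"
        report[bucket].append(label)
    return report

# Constructed sample input (not taken from a real vCenter)
SAMPLE_CA = "notAfter=Mar  5 12:00:00 2026 GMT"
SAMPLE_LEAVES = {
    "machine-ssl": "notAfter=Mar  5 12:00:00 2026 GMT",
    "solution-user": "notAfter=Mar  4 18:30:00 2026 GMT",
    "short-lived-leaf": "notAfter=Nov 20 00:00:00 2025 GMT",
}
SAMPLE_NOW = datetime(2025, 9, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    result = diagnose(SAMPLE_CA, SAMPLE_LEAVES, SAMPLE_NOW)
    print("CA expired:", result["ca_expired"],
          "| days left:", result["ca_days_left"])
    print("Pinned to CA expiry:", ", ".join(result["capped"]))
    print("Not pinned:", ", ".join(result["independent"]))
```

Certificates listed as pinned will keep the same end date on every reissue until the CA certificate itself is replaced.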

Resolution

In vCert.py, select option 3 'Manage certificates' and then option 9 'VMCA certificate' to replace the VMCA certificate and regenerate all certificates, as explained in the KB article "vCert - Scripted vCenter expired certificate replacement".

Additional Information

vCert - Scripted vCenter expired certificate replacement