Expiring Certificate Alarms showing for SSO & SSL_CERTs in VECS
Article ID: 420750
Updated On:
Products
Issue/Introduction
SSO & SSL_CERTs about to expire
Cause
This issue is seen when one or more required certificates are expired or will expire soon in the vCenter Server.
Checking Certificate Status
-----------------------------------------------------------------
Checking Machine SSL certificate 6 DAYS
Checking Solution User certificates:
machine 6 DAYS
vsphere-webclient 6 DAYS
vpxd 6 DAYS
vpxd-extension 6 DAYS
hvc 6 DAYS
Resolution
Download vCert tool from this linked & upload to vCenter placing it in the root directory https://knowledge.broadcom.com/external/article/385107
Open a SSH session to vCenter & follow the commands below to avoid any failures when uploading vCert to vCenter.
# chsh -s /bin/bash root
Once there, make the script executable by running the following command in the same directory the script is located:
# chmod +x vCert
Depending on how the script was copied, it may be necessary to remove Windows carriage returns from the file:
# sed -i 's/\r//g' vCert
Running the Script:
# ./vCert
Manage vCenter Certificates
-----------------------------------------------------------------
1. Machine SSL certificate
Option 1 to replace VMCA certificate
Select Machine SSL Certificate Replacement Method
1. Replace Machine SSL certificate with a VMCA-signed certificate
Manage vCenter Certificates
1. Machine SSL certificate
2. Solution User certificates
Select Solution User Certificate Replacement Method
1. Replace Solution User certificates with VMCA-signed certificates
8. Restart services
This option will display the following menu:
Restart VMware Services
--------------------------------------------------------
- Restart all VMware services
- Restart specific VMware service
- Return to Main Menu
Feedback
