vCert.py status check shows mismatch after updating Machine SSL certificate via vSphere Client
search cancel

vCert.py status check shows mismatch after updating Machine SSL certificate via vSphere Client

book

Article ID: 423050

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

After updating the Machine SSL certificate via the vSphere Client, running option 1 of vCert.py to check the certificate status displays a MISMATCH for "com.vmware.vsan.health" as shown below:

Checking vCenter Extension Thumbprints
-----------------------------------------------------------------
com.vmware.vcIntegrity (vpxd-extension)                   MATCHES
com.vmware.vim.eam (vpxd-extension)                       MATCHES
com.vmware.vlcm.client (vpxd-extension)                   MATCHES
com.vmware.vmcam (Authentication Proxy)                   MATCHES
com.vmware.vsan.health (Machine SSL)                     MISMATCH

Environment

vCenter Server 8.0

Cause

Updating the Machine SSL certificate via the vSphere Client restarts only specific services. 
VMware vSAN Health Service is excluded from this automatic restart, preventing the certificate update from being reflected for this service.

Resolution

Restart the VMware vSAN Health Service to reload the certificate.

  1. Log in to vCenter Server via SSH as the root user.

  2. Type shell to start Bash.

  3. Restart the service using the following command:
    service-control --restart vmware-vsan-health
Powered by Wolken Software