Unable to delete the Certificate signing requests from VCF Operations
search cancel

Unable to delete the Certificate signing requests from VCF Operations

book

Article ID: 431451

calendar_today

Updated On:

Products

VCF Operations

Issue/Introduction

In the Fleet Management appliance, attempts to delete one or more Certificate Signing Requests (CSRs) directly from the UI are unsuccessful.

Environment

VCF Operations 9.0.x
VCF Fleet Management 9.0.x

Cause

This issue occurs when the CSR objects become orphaned or their internal state gets locked in the backend database.

Resolution

Note: Please ensure to secure a snapshot of the Fleet Management appliance.
 
Step 1: Retrieve the CSR VMIDs via Developer Tools
 
Since the UI does not explicitly display the VMID, you can extract it using your web browser's built-in inspection tools.

  1. Open the Fleet Management UI and navigate to the Certificates page where the stuck CSRs reside.

  2. Press F12 (or right-click and select Inspect) to open the browser's Developer Tools.

  3. Switch to the Network tab.

  4. Click on the first problematic CSR in the web interface.

  5. In the Developer Tools Network tab, click on the API request that populates.

  6. Review the Response or Preview pane to locate the vmid string for that specific CSR. Note this ID down.

  7. Repeat this process for all problematic CSRs.

Step 2: Execute Database Cleanup Commands
 
Once you have the exact VMIDs, you must access the appliance's database to remove the entries.

  1. SSH into the Fleet Management Appliance as the root user.

  2. Connect to the internal database using the appliance's DB shell command.

./psql -U postgres -d vrlcm
      3. Run the following SQL commands for each CSR, replacing <YOUR_VMID> with the IDs you gathered in Step 2:
DELETE FROM vm_locker_appliance_csr WHERE vmid = 'vmid';
DELETE FROM vm_locker_csr WHERE vmid = 'vmid';

  1. Refresh your Fleet Management UI to confirm the CSRs are completely removed from the inventory.

Powered by Wolken Software