You can retrieve the new certificate or current machine ssl certificate using vecs-cli:
The ls_update_certs.py script is located at /usr/lib/vmware-lookupsvc/tools/
Sample result:
[email protected] [ /usr/lib/vmware-lookupsvc/tools ]# python ls_update_certs.py --url https://vcenter.vmware.local/lookupservice/sdk --fingerprint 13:1E:60:93:E4:E6:59:31:55:EB:74:51:67:2A:99:F8:3F:04:83:88 --certfile /certificates/new_machine.crt --user [email protected] --password 'Password@123' 2>/dev/null Get service 11c10f43-2adb-4da5-b04c-cf18a66653b6 Update service 11c10f43-2adb-4da5-b04c-cf18a66653b6; spec: /tmp/svcspec_hvu8kxs8 Get service d8011901-5672-4196-ac18-42dc9248c392 Update service d8011901-5672-4196-ac18-42dc9248c392; spec: /tmp/svcspec_kost4p0i . . Get service 5db24673-f515-4578-ad10-a51e9968bfdc Don't update service 5db24673-f515-4578-ad10-a51e9968bfdc Get service 933e1223-e4df-43e7-bafe-244b9f4ac918 Don't update service 933e1223-e4df-43e7-bafe-244b9f4ac918 Updated 41 service(s) [email protected] [ /usr/lib/vmware-lookupsvc/tools ]#
LS_URL | Lookup service URL. On the vCenter Server, use the following URL as a model: https://external_platform_services_controller_FQDN.example.com/lookupservice/sdk |
OLD_CERT_SHA1_HASH |
Thumbprint of the certificate that vCenter Server used before certificate replacement acquired in Task 2.
Note: VMware does not recommends to find the old vCenter Server certificate in the filesystem.
|
NEW_CERT_PEM_FILEPATH |
PEM encoded file of the new vCenter Server machine SSL certificate acquired in Task 3.
Use the file that you just passed in as part of certificate replacement. If you no longer have that file, use the process in Retrieving the New Certificate.
Note: Attempting to find the new vCenter Server certificate in the filesystem is not recommended.
|
USER and PASSWORD | User with administrator privileges for vCenter Single Sign-On. |