Solved: Additional (old?) certificate store - OK to delete...

ajskalski · ‎07-27-2023

I recently renewed our VCSA certs and noticed a certificate store with the FQDN of our VCSA. This VCSA started out at 6.5 and has been upgraded through 7.0.3.01400.

This store contains one entry with the alias of our VCSA FQDN (private key) which will expire in a few weeks. This entry has the Issuer = the old FQDN of our VCSA, back when it was running 6.5 (we changed the name of the VCSA after upgrading to 7.0).

It sure seems like this is unused, but I wanted to check first. certificate-manager does not seem to know or care about it; same with the vCert script (4.7.0). The latter does not report that it is about to expire. Our __MACHINE_CERT is in good order and is used on the vSphere web client. I can't find anything online that suggests I should have a certificate store like this. It seems like a leftover from the upgrade from 6.5 to 7.0.

Is it safe to delete this store? Thanks.

Ajay1988 · ‎07-31-2023

Well VCSA doesn't use that cert for sure. Could be manually created by someone or 3rd party apps connected with VC.

Feel free to take snapshot/backup of VC and delete that store.

If you think your queries have been answered
Mark this response as "Correct" or "Helpful".

Regards,
AJ

View solution in original post

GCanuto · ‎07-27-2023

Pergunta interessante.

Ajay1988 · ‎07-31-2023

Well VCSA doesn't use that cert for sure. Could be manually created by someone or 3rd party apps connected with VC.

Feel free to take snapshot/backup of VC and delete that store.

If you think your queries have been answered
Mark this response as "Correct" or "Helpful".

Regards,
AJ

ajskalski · ‎08-04-2023

After taking a snapshot, I deleted the cert. No issues noted so far. Thanks!

All

Additional (old?) certificate store - OK to delete?

I w