Hello,
we've got 3 vcenter 7 servers that are throwing the warning "Certificate status". Clicking on triggering event shows:
"Certitifacte OU=mID-....' from MACHINE_SSL_CERT expires on 2023-07-02 07:46:04.000"
These are the steps I did to resolve this unsuccessfully:
1. Administration -> Certificate Management
The __MACHINE_CERT showed this expiration date so I clicked renew.
After a reload of the GUI, the cert showed a new expiration date of 4th of june 2025.
Error still persists.
Google found this KB: https://kb.vmware.com/s/article/82332
2. SSH into vcenter and printed out the expiration dates of all certificates: sure enough there are some "user solution certificates" with the old expiration date.
I've ran "/usr/lib/vmware-vmca/bin/certificate-manager" with option 6 "Replace Solution user certificates with VMCA certificates".
Ran the command again to print the expiration dates ... only 2 expiring remaining!
Google found this KB: https://kb.vmware.com/s/article/88548
3. Copied the fix_encipherment_cert.sh and ran it. Voila only 1 expiring certificate remaining and the alarm is still there.
You can see the current status in the attached picture:
My questions:
Hello
On checking the cert details :
Regards
Harry
Hello
On checking the cert details :
Regards
Harry
Hello Harry,
thanks for your help!
The steps in https://kb.vmware.com/s/article/82560?lang=en_US were the correct KB!
Ive ran the script and now the BACKUP_STORES are empty. The alarm is gone too.
EDIT: the FQDN-store certificate is still there, but seems like it wont get used. The certificate displayed in the browser is a different one with the correct expiration date.
Have a nice day!