VMware Cloud Community
markey165
Expert
Expert
‎05-30-2023 09:09 AM

LDAPS Alarm - Identity Source LDAP Certificate is about to expire

Hi All,

We recently switched our AD auth on vCenter (7.0.3) from IWA to LDAPS.

As part of the LDAPS configuration, we grabbed 2 x Domain Controller certs using OpenSSL and imported them into vCenter.

Recently we've started getting alarms across multiple vCenters because 1 of the 2 certs is nearing expiry. However it doesn't actually expire for 42 days (6 weeks) and we can't grab a new cert until the Domain Controller has auto renewed it via AD Certificate Services.

Is there a way to reconfigure the vCenter alarm threshold so we're not stuck with this alarm for 42 days?

_____________________________________________
If this post helps you, please leave Kudo | or mark this reply as an answer
0 Kudos
5 Replies
Lalegre
Virtuoso
Virtuoso
‎05-30-2023 10:31 AM

Hello @markey165,

If you need to disable the alert, you can go to the vCenter object -> Configure -> Alarm Definitions, then search for "Identity Source LDAP Certificate is about to expire" and click on Disable. Check on the screenshot below:

Lalegre_3-1685467899984.png

 

 

markey165
Expert
Expert
‎05-30-2023 12:12 PM

@Lalegre - Thanks for the suggestion, but disabling the alert isn't an option, as this is a production environment and we still need it, just not for 42 days

I'm looking for a way to change the 42 day alert threshold, to something more sensible, say 5 days, and wondered if anyone knows how to do that? 

_____________________________________________
If this post helps you, please leave Kudo | or mark this reply as an answer
0 Kudos
mannharry
Hot Shot
Hot Shot
‎05-30-2023 11:36 PM

Hello, 

Since this cert of LDAPS comes from the Domain controller and as you mentioned it will be renewed on the Domain controller, I guess there is no way to suppress this alarm. 

 

Regards

Harry

markey165
Expert
Expert
‎05-31-2023 04:19 AM

Hi @mannharry 

As above, i'm not trying to suppress the alarm, i'm trying to reconfigure the alarm threshold, which is currently set to 42 days.

 

Where the certificate comes from isn't relevant as i see it. All i wish to do is reduce the alarm threshold for the certificate expiry to a lower value, but can't see how to do it.

_____________________________________________
If this post helps you, please leave Kudo | or mark this reply as an answer
mannharry
Hot Shot
Hot Shot
‎05-31-2023 08:17 AM

I understand , I don't see an option to change the alarm definition,

Regards

Harry

0 Kudos