We recently switched our AD auth on vCenter (7.0.3) from IWA to LDAPS.
As part of the LDAPS configuration, we grabbed 2 x Domain Controller certs using OpenSSL and imported them into vCenter.
Recently we've started getting alarms across multiple vCenters because 1 of the 2 certs is nearing expiry. However, it doesn't actually expire for 42 days (6 weeks), and we can't grab a new cert until the Domain Controller has auto-renewed it via AD Certificate Services.
Is there a way to reconfigure the vCenter alarm threshold so we're not stuck with this alarm for 42 days?
If you need to disable the alert, you can go to the vCenter object -> Configure -> Alarm Definitions, then search for "Identity Source LDAP Certificate is about to expire" and click on Disable. Check on the screenshot below:
@Lalegre - Thanks for the suggestion, but disabling the alert isn't an option, as this is a production environment and we still need it, just not for 42 days.
I'm looking for a way to change the 42-day alert threshold to something more sensible, say 5 days, and wondered if anyone knows how to do that?
Since this cert of LDAPS comes from the Domain Controller and, as you mentioned, it will be renewed on the Domain Controller, I guess there is no way to suppress this alarm.
As above, I'm not trying to suppress the alarm, I'm trying to reconfigure the alarm threshold, which is currently set to 42 days.
Where the certificate comes from isn't relevant as I see it. All I wish to do is reduce the alarm threshold for the certificate expiry to a lower value, but can't see how to do it.