Re: vCenter 6.7 Machine and Solution User Self-Sig...

danODOT · ‎07-11-2023

Hello,

Our vCenter's self-signed Machine and Solution User certificates have expired preventing us from logging into the web client. I used the Certificate Manager utility to replace the Machine certificate which returned an error stating that it failed because the Solution User certificates are expired. When I try to replace the Solution User certificates it returns an error stating it failed because the Machine certificate is expired. Both error messages state that the solution is to use the Certificate Manager's Option 8 to replace ALL vCenter certificates which I assume will also replace the Root certificate which has not yet expired.

I have verified that the STS certificate has not expired.

My manager is concerned about replacing the Root certificate if we run Certificate Manager's Option 8 and would like verification that this is the next logical step to renew the expired certificates.

Does anyone know whether using Certificate Manager's Option 8 would be our best option at the point and running it won't make matters worse?

Please see attached document with screenshots of the errors encountered running Certificate Manager's Options 3 and 6.

Thanks in advance!

BivasM · ‎07-11-2023

this is a situation where you should open a sr ticket with vmware. i once had sts certificates expire and that made things a lot worse. Even with vmware support it took a few hours. And from what i remember in my case option 8 didnt work to fix sts certificate expiary.

Sachchidanand · ‎07-11-2023

It seems that you have no option but the option 8, so take the snapshot (in worst case you will have the current state of your vCenter) of the vCenter and go with option 8. Alongside open a SR with vmware to also get instructions from technical team.

Regards,

Sachchidanand

All

vCenter 6.7 Machine and Solution User Self-Signed Certificates Expired