We recently had to go through the process of renewing the STS certs on our vCSA 6.7u3r appliance. After several issues with this process we've finally got all the certs to show as valid.
However, when running the check using the vCert tool against the vCSA, now we get the following expired certificate displayed:
Checking Certifcate Status
-----------------------------------------------------------------
Checking Machine SSL certificate VALID
Checking Machine SSL CSR EXPIRED
Checking Solution User certificates:
machine VALID
vsphere-webclient VALID
vpxd VALID
vpxd-extension VALID
Checking SMS certificate VALID
Checking data-encipherment certificate VALID
Checking Authentication Proxy certificate VALID
Checking Auto Deploy CA certificate VALID
Checking BACKUP_STORE entries:
Checking VMDir certificate VALID
Checking VMCA certificate VALID
How do we correct the "Machine SSL CSR" certificate? We've not been able to find a KB for this specific certificate.
Resolved by running the ./vCert tool and choosing the following options:
vCenter 6.7 Certificate Management Utility (4.8.0)
-----------------------------------------------------------------
1. Check current certificates status
2. View Certificate Info
3. Manage Certificates
4. Manage SSL Trust Anchors
5. Check configurations
6. Reset all certificates with VMCA-signed certificates
7. ESXi certificate operations
8. Restart services
9. Generate certificate report
E. Exit
Then choosing option "18. Clear Machine SSL CSR in VECS".
