- VMware Technology Network
- :
- Cloud & SDDC
- :
- VMware vSphere
- :
- VMware vSphere™ Discussions
- :
- VCSA7 wpc refresh certificate
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
VCSA7 wpc refresh certificate
Hello,
so i needed to regenerate certificates for our servers, with VCSA7. I did it by folowing this guide from VMware https://kb.vmware.com/s/article/2112283.
/usr/lib/vmware-vmca/bin/certificate-manager
Note : Use Ctrl-D to exit.
Option[1 to 8]: 3
Please provide valid SSO and VC privileged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:administrator@vsphere.local
Enter password:
certool.cfg file exists, Do you wish to reconfigure : Option[Y/N] ? : y
Press Enter key to skip optional parameters or use Previous value.
Enter proper value for 'Country' [Previous value : US] : US
Enter proper value for 'Name' [Previous value : CA] : CA
Enter proper value for 'Organization' [Previous value : VMware] : VMware
Enter proper value for 'OrgUnit' [Previous value : VMware Engineering] : VMware Engineering
Enter proper value for 'State' [Previous value : California] : California
Enter proper value for 'Locality' [Previous value : Palo Alto] : Palo Alto
Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] : (IP not used here becuase privaci reasons)
Enter proper value for 'Email' [Previous value : (generic@emial.com)] : (generic@emial.com not pasted here)
Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Domain Name(FQDN), For Example : exam localhost
Enter proper value for VMCA 'Name' :(hidden walue cant share)
You are going to regenerate Machine SSL cert using VMCA
Continue operation : Option[Y/N] ? : y
----------------------------------------------------------------------------------------------
After doing this with correct parameters and all cetificates got refreshed but only WPC is styll the old one. Does anybody have solution for this because it is issue i have to solve.
root@localhost [ ~ ]# for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo "Store: ${store}"; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store ${store} --text | grep -E 'Alias|Not After'; done
Store: MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : Nov 14 20:43:16 2024 GMT
Store: TRUSTED_ROOTS
Alias : c9613d79b289c383a791dc0ea86a1f39427fd90f
Not After : Dec 1 15:56:53 2030 GMT
Store: TRUSTED_ROOT_CRLS
Alias : 0130172211a77456a82b049d1e3a6215c1545203
Store: machine
Alias : machine
Not After : Dec 1 15:56:53 2030 GMT
Store: vsphere-webclient
Alias : vsphere-webclient
Not After : Dec 1 15:56:53 2030 GMT
Store: vpxd
Alias : vpxd
Not After : Dec 1 15:56:53 2030 GMT
Store: vpxd-extension
Alias : vpxd-extension
Not After : Dec 1 15:56:53 2030 GMT
Store: hvc
Alias : hvc
Not After : Dec 1 15:56:53 2030 GMT
Store: data-encipherment
Alias : data-encipherment
Not After : Dec 1 15:56:53 2030 GMT
Store: APPLMGMT_PASSWORD
Store: SMS
Alias : sms_self_signed
Not After : Dec 6 16:03:15 2030 GMT
Store: wcp
Alias : wcp
Not After : Dec 6 15:55:54 2022 GMT
Store: BACKUP_STORE
Alias : bkp___MACHINE_CERT
Not After : Dec 7 03:56:53 2022 GMT
Alias : bkp_machine
Not After : Dec 1 15:56:53 2030 GMT
Alias : bkp_vsphere-webclient
Not After : Dec 1 15:56:53 2030 GMT
Alias : bkp_vpxd
Not After : Dec 1 15:56:53 2030 GMT
Alias : bkp_vpxd-extension
Not After : Dec 1 15:56:53 2030 GMT
Alias : bkp_hvc
Not After : Dec 1 15:56:53 2030 GMT
Alias : bkp_wcp
Not After : Dec 6 15:55:54 2022 GMT
Any help or ideas are appreciated.