Our certificate is expired
[*] Store : MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : Sep 14 02:02:36 2022 GMT
So I used Certificate Manager to replace the Machine SSL certificate (Option 3).
After entering username and password, I get this output:
Please configure certool.cfg with proper values before proceeding to next step.
Certificate Manager tool do not support vCenter HA systems
=> nothing happened
The log shows:
2022-09-14T14:26:35.185Z INFO certificate-manager Running command : ['/usr/lib/vmware-vmafd/bin/dir-cli', 'service', 'list', '--login', 'Administrator@vsphere.local', '--password', '*****']
2022-09-14T14:26:35.210Z INFO certificate-manager Output :
1. machine-4dddda51-5e78-47df-951a-5ea419749fa1
2. vsphere-webclient-4dddda51-5e78-47df-951a-5ea419749fa1
3. vpxd-4dddda51-5e78-47df-951a-5ea419749fa1
4. vpxd-extension-4dddda51-5e78-47df-951a-5ea419749fa1
5. hvc-4dddda51-5e78-47df-951a-5ea419749fa1
6. wcp-4dddda51-5e78-47df-951a-5ea419749fa1
2022-09-14T14:26:35.210Z INFO certificate-manager Authentication successful
2022-09-14T14:26:35.211Z INFO certificate-manager Running command : ['/usr/lib/vmware-vmafd/bin/dir-cli', 'service', 'list', '--login', 'Administrator@vsphere.local', '--password', '*****']
2022-09-14T14:26:35.229Z INFO certificate-manager Output :
1. machine-4dddda51-5e78-47df-951a-5ea419749fa1
2. vsphere-webclient-4dddda51-5e78-47df-951a-5ea419749fa1
3. vpxd-4dddda51-5e78-47df-951a-5ea419749fa1
4. vpxd-extension-4dddda51-5e78-47df-951a-5ea419749fa1
5. hvc-4dddda51-5e78-47df-951a-5ea419749fa1
6. wcp-4dddda51-5e78-47df-951a-5ea419749fa1
2022-09-14T14:26:35.230Z INFO certificate-manager Running command : ['/usr/lib/vmware-vmafd/bin/vecs-cli', 'store', 'list']
2022-09-14T14:26:35.243Z INFO certificate-manager Output :
MACHINE_SSL_CERT
TRUSTED_ROOTS
TRUSTED_ROOT_CRLS
machine
vsphere-webclient
vpxd
vpxd-extension
hvc
data-encipherment
APPLMGMT_PASSWORD
SMS
wcp
BACKUP_STORE
2022-09-14T14:26:35.244Z INFO certificate-manager Running command :- service-control --start vmafdd
2022-09-14T14:26:35.244Z INFO certificate-manager please see service-control.log for service status
2022-09-14T14:26:35.483Z INFO certificate-manager Command executed successfully
2022-09-14T14:26:35.484Z INFO certificate-manager Running command :- service-control --start vmcad
2022-09-14T14:26:35.484Z INFO certificate-manager please see service-control.log for service status
2022-09-14T14:26:35.750Z INFO certificate-manager Command executed successfully
2022-09-14T14:26:35.750Z INFO certificate-manager Running command :- service-control --start vmdird
2022-09-14T14:26:35.750Z INFO certificate-manager please see service-control.log for service status
2022-09-14T14:26:35.997Z INFO certificate-manager Command executed successfully
2022-09-14T14:26:35.997Z INFO certificate-manager Performing operation on embedded setup using 'localhost' as server
2022-09-14T14:26:35.997Z INFO certificate-manager Running command :- ['/usr/lib/vmware-vmafd/bin/vecs-cli', 'entry', 'getcert', '--store', 'MACHINE_SSL_CERT', '--alias', '__MACHINE_CERT', '--output', '/var/tmp/vmware/old_machine_ssl.crt']
2022-09-14T14:26:36.17Z INFO certificate-manager Command output :-
2022-09-14T14:26:36.17Z INFO certificate-manager Command executed successfully
2022-09-14T14:26:36.17Z INFO certificate-manager Selected operation: Replace SSL certificate with VMCA Certificate
2022-09-14T14:26:36.17Z INFO certificate-manager Running command : ['/usr/lib/vmware-vmafd/bin/vmafd-cli', 'get-pnid', '--server-name', 'localhost']
2022-09-14T14:26:36.36Z INFO certificate-manager Output :
vcenter.XXXXXXX.loc
2022-09-14T14:26:36.36Z INFO certificate-manager Running command : ['/usr/lib/vmware-vmafd/bin/vmafd-cli', 'get-machine-id', '--server-name', 'localhost']
2022-09-14T14:26:36.54Z INFO certificate-manager Output :
4dddda51-5e78-47df-951a-5ea419749fa1
2022-09-14T14:26:36.54Z INFO certificate-manager Please configure certool.cfg with proper values before proceeding to next step.
2022-09-14T14:26:36.54Z INFO certificate-manager Certificate Manager tool do not support vCenter HA systems
Please verify whether the directory /var/tmp/vmware exists, and create it if it doesn't. Then run the certificate manager again.
André
Directory exists and contains files and directories
drwxr-xr-x 3 analytics analytics 4096 Sep 13 2020 analytics
drwxr-xr-x 3 cis-license cis-license 4096 May 4 07:25 cis-license
drwxr-xr-x 3 eam root 4096 Sep 13 2020 eam
-rw------- 1 vmafdd-user lwis 1441 Sep 14 14:44 old_machine_ssl.crt
So, I moved it and reran the manager. No new certificate...
BTW: there is another expired certificate:
[*] Store : wcp
Alias : wcp
Not After : Sep 13 14:00:56 2022 GMT
[*] Store : BACKUP_STORE
We rolled back to Version 7.0.1 and used
https://kb.vmware.com/s/article/76719
This fixed the certificate problem.
We tried to update to 7.0.3, but this failed again, so we stay with 7.0.1....
Hi sachakerres,
What was the solution for the wcp cert? Can you please share it with us?
I've got vCenter in HA mode as well, rolling back is not an option....
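The store listings quoted in this thread (Store / Alias / Not After) can be checked for expiry mechanically, which also surfaces secondary stores such as wcp before they lapse. This is an added example, not code from any poster or from VMware; the function names and the 30-day warning window are assumptions, and the vpxd entry in the sample is constructed.

```python
from datetime import datetime, timezone

# Sample in the layout quoted in the thread. The first two entries use the
# thread's dates; the vpxd entry is constructed for illustration.
SAMPLE = """\
[*] Store : MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : Sep 14 02:02:36 2022 GMT
[*] Store : wcp
Alias : wcp
Not After : Sep 13 14:00:56 2022 GMT
[*] Store : vpxd
Alias : vpxd
Not After : Sep  9 08:15:00 2024 GMT
[*] Store : BACKUP_STORE
"""

def parse_listing(text):
    """Return [(store, alias, not_after)]; stores without entries yield nothing."""
    entries, store, alias = [], None, None
    for raw in text.splitlines():
        key, sep, value = raw.partition(" : ")
        if not sep:
            continue
        key = key.strip().lstrip("[*]").strip()
        value = " ".join(value.split())  # collapse padding such as "Sep  9"
        if key == "Store":
            store, alias = value, None
        elif key == "Alias":
            alias = value
        elif key == "Not After" and store:
            when = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
            entries.append((store, alias, when.replace(tzinfo=timezone.utc)))
    return entries

def classify(entries, now, warn_days=30):
    """Label each entry EXPIRED, EXPIRING (inside warn_days) or OK."""
    report = []
    for store, alias, not_after in entries:
        days_left = (not_after - now).days
        if not_after <= now:
            status = "EXPIRED"
        elif days_left < warn_days:
            status = "EXPIRING"
        else:
            status = "OK"
        report.append((store, alias, status, days_left))
    return report

if __name__ == "__main__":
    now = datetime(2022, 9, 14, 14, 26, 35, tzinfo=timezone.utc)  # time of the quoted log
    for row in classify(parse_listing(SAMPLE), now):
        print(*row)
```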