VMware Cloud Community
onkeltom666
Contributor

Removing unused CA Certificates from vCenter Server 7

Hello Community!

I hope you can help me with the following issue: 

In my vCenter Server 7 (7.0.1 U1c Build: 17327586) there are many trusted CA certificates which were created during another issue, where I tried to replace all certificates by using the certificate-manager. After I updated the whole PKI, I enrolled entirely new certificates and wanted to remove these "old" ones, which are unused now, and this seems to be more difficult than I thought.

Even though these CA certificates are not expired, I followed this guide and removed all CA certificates that are not used anymore: Removing Expired CA Certificates from the TRUSTED_ROOTS store in the VMware Endpoint Certificate Sto...

At the beginning it seemed to work as expected, but after I rebooted the VCSA and took a look at the certificate administration in vCenter, I was no longer able to see any certificates. Instead I get the following error: Error occurred while fetching machine certificates: This method requires authentication.

What did I do wrong here? How can I fix that?

Thank you!

3 Replies
jburen
Expert

I am afraid it is not possible to tell you what you did wrong. Certificates can be a real pain in the *** so always create backups/snapshots before you make changes. I don't know if it is possible but maybe you can rebuild vCenter from scratch?

Consider giving Kudos if you think my response helped you in any way.
onkeltom666
Contributor

Thank you for your reply!

Of course I have backups of the server, and I already restored the vCenter from them successfully. So nothing is damaged here 🙂 But I am still interested in removing these old certificates. I already tried repeating the procedure to make sure I did not make any stupid mistakes with the guide. But after that I had the same problem...

jburen
Expert

So maybe one or more certificates you deleted are still being used. Otherwise, you wouldn't get the errors. Personally, I would investigate the possibility to do a reinstall of the VCSA. I always want to be sure that there are no strange issues that might bite you later on.

Consider giving Kudos if you think my response helped you in any way.
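The check both the original question and the last reply circle around, which TRUSTED_ROOTS entries are still the issuer of something vCenter actually uses, can be scripted before anything is deleted. The script below is an added example written for this thread; it is not code from the posters, from the linked KB, or from VMware. It assumes that `vecs-cli entry list --store <STORE> --text` prints `Alias :` lines followed by an OpenSSL-style certificate dump (`Issuer:`, `Subject:`, `X509v3 Subject Key Identifier`, `X509v3 Authority Key Identifier`), and it matches roots by key identifier rather than by subject name, because a regenerated VMCA root typically carries the same subject DN as the one it replaced. The store names and aliases in the sample data are constructed, not captured from a real appliance.

```python
"""Find TRUSTED_ROOTS entries in VECS that no certificate in another VECS store chains to.

Added example, not from the thread or from VMware.  Assumes the text form of
`vecs-cli entry list --store <STORE> --text` (Alias : lines + OpenSSL-style dump).
A root counts as "in use" when a non-root certificate names its key identifier
(subject DN is the fallback when SKI/AKI are absent), followed transitively
through intermediates that also sit in TRUSTED_ROOTS.  Sample data is constructed.
"""
import re

ALIAS_RE = re.compile(r"^Alias\s*:\s*(.+)$")
ISSUER_RE = re.compile(r"^Issuer:\s*(.+)$")
SUBJECT_RE = re.compile(r"^Subject:\s*(.+)$")      # "Subject Public Key Info:" will not match
HEX_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2})+$")


def parse_store(text):
    """Return one dict per entry: alias, subject, issuer, ski, aki."""
    entries, cur, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending and line:                 # value line following an SKI/AKI header
            value = line[len("keyid:"):] if line.startswith("keyid:") else line
            if HEX_RE.match(value):
                cur[pending] = value.upper()
            pending = None
            continue
        if (m := ALIAS_RE.match(line)):
            if cur:
                entries.append(cur)
            cur = dict(alias=m.group(1).strip(), subject=None, issuer=None, ski=None, aki=None)
        elif cur is None:
            continue
        elif (m := ISSUER_RE.match(line)):
            cur["issuer"] = m.group(1)
        elif (m := SUBJECT_RE.match(line)):
            cur["subject"] = m.group(1)
        elif line.startswith("X509v3 Subject Key Identifier"):
            pending = "ski"
        elif line.startswith("X509v3 Authority Key Identifier"):
            pending = "aki"
    if cur:
        entries.append(cur)
    return entries


def _key(e):      # how a certificate is identified when it acts as an issuer
    return e["ski"] or e["subject"]


def _parent(e):   # what a certificate says about its own issuer
    return e["aki"] or e["issuer"]


def unused_roots(stores):
    """stores: {store_name: vecs-cli --text output}.  Returns (used, unused) root aliases."""
    roots = parse_store(stores["TRUSTED_ROOTS"])
    needed = set()
    for name, text in stores.items():
        if name in ("TRUSTED_ROOTS", "TRUSTED_ROOT_CRLS"):
            continue
        needed.update(_parent(e) for e in parse_store(text) if _parent(e))
    parent_of = {_key(e): _parent(e) for e in roots if _key(e)}
    frontier = list(needed)                  # climb through intermediates kept in TRUSTED_ROOTS
    while frontier:
        p = parent_of.get(frontier.pop())
        if p and p not in needed:
            needed.add(p)
            frontier.append(p)
    used = sorted(e["alias"] for e in roots if _key(e) in needed)
    unused = sorted(e["alias"] for e in roots if _key(e) not in needed)
    return used, unused


def delete_commands(unused):
    """vecs-cli commands for the unreferenced roots only; snapshot the VCSA before running them."""
    cli = "/usr/lib/vmware-vmafd/bin/vecs-cli"
    return [f"{cli} entry delete --store TRUSTED_ROOTS --alias {a}" for a in unused]


# ---- constructed sample: old and new VMCA roots share a subject DN; plus an enterprise chain ----
VMCA_DN = "CN=CA, DC=vsphere, DC=local, C=US, ST=California, O=vcsa.example.com, OU=VMware Engineering"
VMCA_NEW, VMCA_OLD = "11:11:11:11:11:11:11:11:11:11", "22:22:22:22:22:22:22:22:22:22"
CORP_ISS, CORP_ROOT = "33:33:33:33:33:33:33:33:33:33", "44:44:44:44:44:44:44:44:44:44"


def _fake_entry(alias, subject, issuer, ski, aki, entry_type="Trusted Cert"):
    ext = f"            X509v3 Subject Key Identifier: \n                {ski}\n"
    if aki:
        ext += f"            X509v3 Authority Key Identifier: \n                keyid:{aki}\n"
    return (f"Alias :\t{alias}\nEntry type :\t{entry_type}\nCertificate:\n    Data:\n"
            f"        Issuer: {issuer}\n        Subject: {subject}\n"
            "        Subject Public Key Info:\n        X509v3 extensions:\n" + ext)


SAMPLE_STORES = {
    "MACHINE_SSL_CERT": "Number of entries in store :\t1\n" + _fake_entry(
        "__MACHINE_CERT", "CN=vcsa.example.com, O=Example Corp", "CN=Example Issuing CA, O=Example Corp",
        "55:55:55:55:55:55:55:55:55:55", CORP_ISS, "Private Key"),
    "machine": "Number of entries in store :\t1\n" + _fake_entry(
        "machine", "CN=machine-1a2b3c, DC=vsphere, DC=local", VMCA_DN,
        "66:66:66:66:66:66:66:66:66:66", VMCA_NEW, "Private Key"),
    "TRUSTED_ROOTS": "Number of entries in store :\t4\n"
        + _fake_entry("vmca_new", VMCA_DN, VMCA_DN, VMCA_NEW, VMCA_NEW)
        + _fake_entry("vmca_old", VMCA_DN, VMCA_DN, VMCA_OLD, VMCA_OLD)
        + _fake_entry("corp_issuing", "CN=Example Issuing CA, O=Example Corp",
                      "CN=Example Root CA, O=Example Corp", CORP_ISS, CORP_ROOT)
        + _fake_entry("corp_root", "CN=Example Root CA, O=Example Corp",
                      "CN=Example Root CA, O=Example Corp", CORP_ROOT, None),
}

if __name__ == "__main__":
    used, unused = unused_roots(SAMPLE_STORES)
    print("still referenced:", used)
    print("unreferenced    :", unused)
    print("\n".join(delete_commands(unused)))
```

On a real appliance, capture every store first (for each name from `vecs-cli store list`, run `vecs-cli entry list --store <name> --text` into a file) and feed those texts into `unused_roots` in place of `SAMPLE_STORES`. Two caveats worth keeping in mind: the script only sees VECS, whereas the TRUSTED_ROOTS store is fed from the certificates published in vmdir (`dir-cli trustedcert list`), so a root deleted only from VECS can be republished, and certificates that live outside VECS, such as the STS signing certificate in vmdir, are not covered by the check at all. An error like the "This method requires authentication" one in the original post is a sign that something outside the VECS leaf stores still chained to a removed root, which is exactly why a snapshot before deletion is the right first step.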