VMware Cloud Community
efuhrmann
Contributor
Contributor
Jump to solution

SSL error vCenter 7

Hello,
My name is Emiliano, I'm new to the forum. I have VMware vCenter Server 7.0.0.10100, I can't login https, it shows the following error, "Exception in invoking authentication handler [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1076)"
I was researching and found the following solution https://kb.vmware.com/s/article/2097936

Before performing this task take a snapshot of the vCenter VM.
I SSH into vCenter, enable the shell, then run vSphere Certificate Manager.
I choose option 3, fill out the form, all with default values, then it asks, Enter proper value for VMCA 'Name' , and I really don't know what value I should enter.

I hope you can help me.
Thanks greetings

Reply
0 Kudos
1 Solution

Accepted Solutions
a_p_
Leadership
Leadership
Jump to solution

You may simply enter VMCA as the name.

As a side not: If the certificate replacement works as expected, you may then want to delete the expired backup certificates. Otherwise you will still see a warning in the vCenter Server UI (see https://kb.vmware.com/s/article/82560).
In addition to this, the hosts may need to be disconnected, and reconnected from/to vCenter Server again, so that they get a renewed certificate as well. I assume that you do not use vSAN, etc.!? In this case disconnecting/connection might not be a good idea.

André

View solution in original post

Reply
0 Kudos
3 Replies
a_p_
Leadership
Leadership
Jump to solution

You may simply enter VMCA as the name.

As a side not: If the certificate replacement works as expected, you may then want to delete the expired backup certificates. Otherwise you will still see a warning in the vCenter Server UI (see https://kb.vmware.com/s/article/82560).
In addition to this, the hosts may need to be disconnected, and reconnected from/to vCenter Server again, so that they get a renewed certificate as well. I assume that you do not use vSAN, etc.!? In this case disconnecting/connection might not be a good idea.

André

Reply
0 Kudos
efuhrmann
Contributor
Contributor
Jump to solution

Hello Thank you very much for answering. I'm going to try it and I'll be notifying if it worked for me. Thanks

Reply
0 Kudos
kido20039
Contributor
Contributor
Jump to solution

You're right, I had to generate a script for this to be solved, but hey, that's it on my side.

Reply
0 Kudos