VMware Cloud Community
parsecdata1
Contributor

Some certs expired but not root certs

Hello all! 

We have had an issue with certs over the last couple of days.

certs.PNG

Our vCenter is installed on a Windows machine; it is not an appliance. We are on vCenter 6 version 3g. I know it is out of date; we are not in a position to update any of it. We currently have a new environment with updated software, but it will be a few months as we migrate. Within our vCenter we also have NSX and VCD, so we are cautious about doing anything cert related.

Currently we cannot log into our vSphere environment unless we roll back the time to a date prior to 8/15. After changing the date and restarting the web service, we are able to log in. I know the location of the certificate manager application on the Windows machine, but we are unsure of the best route to take in dealing with these certs. Again, we do not want to use custom certs or redo root certs; we just need to extend these 4 certs to get everything working while we migrate to the new environment.

Any help would be greatly appreciated.

3 Replies
NicolasAlauzet

Hi there,

Check this KB, which covers fixing expired certificates: VMware Knowledge Base

Also, you can open a ticket with support to assist you in these scenarios.

-------------------------------------------------------------------
Triple VCIX (CMA-NV-DCV) | vExpert | MCSE | CCNA
parsecdata1
Contributor

We already opened a ticket over 10 hours ago as a sev 1 because we could not access the vSphere web client or the vSphere Windows client, and our VCD environment could not access it either. The support team knocked it down to a sev 2 because it is vSphere 6, which they said is no longer supported, and I have not heard back since. So much for paying for support.

I have already looked over the article you provided and a few others like it. It talks about regenerating root certs for the vSphere server. Having VCD and NSX attached to this vSphere, we are not sure what generating new root certs will do to those connections. Since VMware support won't even answer us, I am not willing to take the chance of our environment going down and being ignored by support.

Surely there has to be a way to do something with just those 4 certs in the picture I provided in this thread without breaking all the connections to everything else.

nachogonzalez
Commander

I have replaced the certs many times on vSphere and it does not break the integrations (at least with orchestrator).
Either way, re-registering NSX and vCenter is easy peasy and it won't cause any data loss or service downtime; the same applies to vCD.
If integration breaks, you will lose only management, not the control or data planes (speaking of NSX). In the case of vCD, you will not be able to execute any actions on the vCenter, but it won't affect services. What you should do is simply re-register the vCenter and you are back in service.
