Signing certificate expiring on Windows vCenter Server 6.5

To verify cert expiration date run powershell one liner

OPTION 1

$VCInstallHome = [System.Environment]::ExpandEnvironmentVariables(“%VMWARE_CIS_HOME%”);foreach ($STORE in & “$VCInstallHome\vmafdd\vecs-cli” store list){Write-host STORE: $STORE;& “$VCInstallHome\vmafdd\vecs-cli” entry list –store $STORE –text | findstr /C:”Alias” /C:”Not After”}

OPTION 2

How to fix IT ?

Action Plan how to reset all certificate.
1. Take a memory snapshot of the VC prior to this.

2. Download and run fixsts script from https://kb.vmware.com/s/article/79263
download file option for Windows Vcenter Server – fixsts ( unzip script)

3. Restart Services
cd E:\Program Files\VMware\vCenter Server\bin
service-control –stop –all

cd E:\Program Files\VMware\vCenter Server\bin
service-control –start –all

4. Use this command to take note of the PNID. You will need this for later.
“E:\Program Files\VMware\vCenter Server\vmafdd\vmafd-cli.exe” get-pnid –server-name localhost”

5. Open Cert manager tool using: “E:\Program Files\VMware\vCenter Server\vmcad\certificate-manager”

– Select option 8: Reset all certificate
Please configure certool.cfg file with proper values before proceeding to next step.
Press Enter key to skip optional parameters or use Default value.
Enter proper value for ‘Country’ [Default value : US] : (Note: Value for Country should be only 2 letters)
Enter proper value for ‘Name’ [Default value : CA] :
Enter proper value for ‘Organization’ [Default value : VMware] :
Enter proper value for ‘OrgUnit’ [Default value : VMware Engineering] :
Enter proper value for ‘State’ [Default value : California] :
Enter proper value for ‘Locality’ [Default value : Palo Alto] :
Enter proper value for ‘IPAddress’ [optional] : vcenter ip address
Enter proper value for ‘Email’ [Default value : email
Enter proper value for ‘Hostname’ full FQDN name
Enter proper value for VMCA ‘Name’: short vcenter name
-Say Y to the next options.