Signing certificate expiring on Windows vCenter Server 6.5


To verify the certificate expiration dates, run this PowerShell one-liner:

OPTION 1

$VCInstallHome = [System.Environment]::ExpandEnvironmentVariables("%VMWARE_CIS_HOME%");foreach ($STORE in & "$VCInstallHome\vmafdd\vecs-cli" store list){Write-host STORE: $STORE;& "$VCInstallHome\vmafdd\vecs-cli" entry list --store $STORE --text | findstr /C:"Alias" /C:"Not After"}

OPTION 2

Log in to the Web Client and navigate to Administration/Certificate/Certificate Management

How to fix it?

Action plan to reset all certificates:
1. Take a memory snapshot of the VC prior to this.

2. Download and run the fixsts script from https://kb.vmware.com/s/article/79263
(use the download file option for Windows vCenter Server, fixsts, and unzip the script)

3. Restart Services
cd "E:\Program Files\VMware\vCenter Server\bin"
service-control --stop --all

cd "E:\Program Files\VMware\vCenter Server\bin"
service-control --start --all

4. Use this command to take note of the PNID. You will need it later.
"E:\Program Files\VMware\vCenter Server\vmafdd\vmafd-cli.exe" get-pnid --server-name localhost

5. Open the Certificate Manager tool using: "E:\Program Files\VMware\vCenter Server\vmcad\certificate-manager"

Select option 8: Reset all certificates
Please configure certool.cfg file with proper values before proceeding to next step.
Press Enter key to skip optional parameters or use Default value.
Enter proper value for 'Country' [Default value : US] : (Note: Value for Country should be only 2 letters)
Enter proper value for 'Name' [Default value : CA] :
Enter proper value for 'Organization' [Default value : VMware] :
Enter proper value for 'OrgUnit' [Default value : VMware Engineering] :
Enter proper value for 'State' [Default value : California] :
Enter proper value for 'Locality' [Default value : Palo Alto] :
Enter proper value for 'IPAddress' [optional] : vcenter ip address
Enter proper value for 'Email' [Default value : email
Enter proper value for 'Hostname'  full FQDN name
Enter proper value for VMCA 'Name': short vcenter name
Answer Y to the prompts that follow.

 

6. Check that the new certificates were generated

OPTION 1 (new certificate: 23 November 2023)

$VCInstallHome = [System.Environment]::ExpandEnvironmentVariables("%VMWARE_CIS_HOME%");foreach ($STORE in & "$VCInstallHome\vmafdd\vecs-cli" store list){Write-host STORE: $STORE;& "$VCInstallHome\vmafdd\vecs-cli" entry list --store $STORE --text | findstr /C:"Alias" /C:"Not After"}

OPTION 2

Log in to the Web Client and navigate to Administration/Certificate/Certificate Management

Same result: 23 November 2023
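
The OPTION 1 one-liner prints raw "Alias" and "Not After" lines that still have to be compared against today's date by eye. The PowerShell below is an added example, not part of the original post or of VMware's tooling: it parses that output and reports the days left per store and alias. It assumes the OpenSSL-style date format shown in the constructed sample; the function name Get-VecsExpiry and the 30-day threshold are hypothetical.

```powershell
# Added example: turn the STORE / Alias / Not After lines into an expiry report.
# Assumption: vecs-cli --text prints dates like "Not After : Nov 23 09:15:42 2023 GMT".
function Get-VecsExpiry {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Lines,  # output of the one-liner
        [datetime] $Now = [datetime]::UtcNow,
        [int] $WarnDays = 30                               # hypothetical threshold
    )
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    $styles  = [System.Globalization.DateTimeStyles]'AssumeUniversal, AdjustToUniversal'
    $store = $null; $alias = $null
    foreach ($line in $Lines) {
        if ($line -match '^\s*STORE:\s*(\S+)') {
            $store = $Matches[1]; $alias = $null
        } elseif ($line -match '^\s*Alias\s*:\s*(.+?)\s*$') {
            $alias = $Matches[1]
        } elseif ($line -match 'Not After\s*:\s*(.+?)\s+GMT\s*$') {
            # Single-digit days are padded with an extra space; collapse it first.
            $stamp    = $Matches[1] -replace '\s+', ' '
            $notAfter = [datetime]::ParseExact($stamp, 'MMM d HH:mm:ss yyyy', $culture, $styles)
            $days     = [math]::Floor(($notAfter - $Now).TotalDays)
            $status   = if ($days -lt 0) { 'EXPIRED' }
                        elseif ($days -le $WarnDays) { 'EXPIRING' }
                        else { 'OK' }
            [pscustomobject]@{
                Store = $store; Alias = $alias; NotAfter = $notAfter
                DaysLeft = $days; Status = $status
            }
        }
    }
}

# Constructed sample input (dates are made up for illustration).
$sample = @(
    'STORE: MACHINE_SSL_CERT'
    'Alias : __MACHINE_CERT'
    '            Not After : Nov 23 09:15:42 2023 GMT'
    'STORE: vpxd-extension'
    'Alias : vpxd-extension'
    '            Not After : Dec  5 09:15:42 2021 GMT'
)
Get-VecsExpiry -Lines $sample -Now ([datetime]'2021-11-23') | Format-Table -AutoSize
```

To feed it live data, capture the one-liner's output into a variable and emit the STORE: line with Write-Output instead of Write-host so that it reaches the pipeline.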

 

Thanks
