How to renew vSphere 6.5 & 6.7 certificates.

July 13, 2021 at 3:38 pm

When the vCenter certificate has expired, you will be blocked from logging in to vCenter. However, Appliance Management will continue to work. Note that there are 2 categories of certificates:

  • VMware Security Token Service (STS)
  • Solution, Machine, Root and other certificates.

Important Notes:

  1. You could have avoided all these messy steps had you monitored and checked for the warnings on the vCenter Administration page for certificate expiry events.
  2. For Windows-based vCenter, you can refer to the same KBs mentioned here for the detailed steps.
  3. You may face an error when uploading the scripts to the VCSA via WinSCP. The solution is provided in the same KBs.
  4. Certificate Manager may fail during the process; you can refer to https://mueller-tech.com/2019/06/28/replacing-expired-certificates/ for the solution.

I used the steps mentioned below to confirm the expiry date for both of these certificate types.

STS – Please refer to the KB:
https://kb.vmware.com/s/article/79248 (it requires downloading a script – checksts.py)

Others – Run the command below on the VCSA. It lists every VECS store and prints the alias and expiry date ("Not After") of each entry.
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; sudo /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done
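An added example (not from the original post or from VMware): a small Python parser for the output of the loop above that labels each VECS entry as expired, expiring soon or OK, which is the kind of check that catches expiry before logins break. The sample text and its aliases are constructed, and the `Not After` timestamp layout is an assumption.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of what the loop above prints (not real vCenter output).
SAMPLE = """\
STORE MACHINE_SSL_CERT
Alias :\t__MACHINE_CERT
            Not After : Jul 10 12:00:00 2021 GMT
STORE TRUSTED_ROOTS
Alias :\texample-root-alias
            Not After : Jul  5 09:30:00 2029 GMT
STORE TRUSTED_ROOT_CRLS
Alias :\texample-crl-alias
STORE machine
Alias :\tmachine
            Not After : Aug  1 00:00:00 2021 GMT
"""

def parse_vecs_output(text):
    """Return [(store, alias, not_after_utc)] from the filtered vecs-cli output."""
    entries, store, alias = [], None, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("STORE "):
            store, alias = line.split(None, 1)[1], None
        elif line.startswith("Alias"):
            alias = line.split(":", 1)[1].strip()
        elif line.startswith("Not After") and alias is not None:
            # Assumed layout: "Mon DD HH:MM:SS YYYY GMT" (day may be space-padded).
            stamp = line.split(":", 1)[1].strip()
            when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
            entries.append((store, alias, when.replace(tzinfo=timezone.utc)))
            alias = None  # an alias with no date (e.g. a CRL entry) is never paired
    return entries

def classify(entries, now, warn_days=30):
    """Label each entry EXPIRED, EXPIRING (within warn_days) or OK."""
    report = []
    for store, alias, not_after in entries:
        left = not_after - now
        status = ("EXPIRED" if left <= timedelta(0)
                  else "EXPIRING" if left <= timedelta(days=warn_days) else "OK")
        report.append((store, alias, status))
    return report

if __name__ == "__main__":
    now = datetime(2021, 7, 13, tzinfo=timezone.utc)  # constructed "today"
    for store, alias, status in classify(parse_vecs_output(SAMPLE), now):
        print(f"{status:9} {store}/{alias}")
```

To use it on an appliance, pass the captured output of the loop to `parse_vecs_output` in place of `SAMPLE` and use the current UTC time for `now`.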

In my situation, both of the certificate types were expired and I had to replace all of them. To replace the STS certificate, you could utilize a script provided by VMware (fixsts.sh) using the KB: https://kb.vmware.com/s/article/76719

Once it is done, you need to restart the vCenter services and check their status using the commands below.

service-control --stop --all

service-control --start --all

service-control --status

Thereafter, you can proceed to replace the other certificates using the vSphere Certificate Manager: https://kb.vmware.com/s/article/2112283
