View Only

Renew expired embedded harbor registry certificate

  • 1.  Renew expired embedded harbor registry certificate

    Posted Apr 03, 2024 12:49 PM
      |   view attached


    I recently renewed the embedded Harbor certificate by doing the steps in this KB: https://kb.vmware.com/s/article/88464

    After that I got an error in the vSphere UI at the Harbor configuration page:

    "Harbor registry harbor-895976113 on cluster domain-c1006 is unhealthy. Reason: failed to get harbor health: Get "https://<VCSA IP>/api/health": x509: certificate signed by unknown authority."

    The cert was signed by the VMCA, but the vCenter certs has been renewed since the I enabled the Harbor. The Harbor UI has got the renewed cert, but I get the old root cert whe I try to download it from the UI.

    Is it possible to replace the root certs in Harbor by following the KB's step 7. but with the root cert or it is more complicated?

    And should I update the guest clusters after that to distribute the new certs?