vCenter

 View Only
  • 1.  LDAPS Alarm - Identity Source LDAP Certificate is about to expire

    Posted May 30, 2023 04:09 PM

    Hi All,

    We recently switched our AD auth on vCenter (7.0.3) from IWA to LDAPS.

    As part of the LDAPS configuration, we grabbed 2 x Domain Controller certs using OpenSSL and imported them into vCenter.

    Recently we've started getting alarms across multiple vCenters because 1 of the 2 certs is nearing expiry. However it doesn't actually expire for 42 days (6 weeks) and we can't grab a new cert until the Domain Controller has auto renewed it via AD Certificate Services.

    Is there a way to reconfigure the vCenter alarm threshold so we're not stuck with this alarm for 42 days?



  • 2.  RE: LDAPS Alarm - Identity Source LDAP Certificate is about to expire

    Posted May 30, 2023 05:32 PM

    Hello ,

    If you need to disable the alert, you can go to the vCenter object -> Configure -> Alarm Definitions, then search for "Identity Source LDAP Certificate is about to expire" and click on Disable. Check on the screenshot below:

    Lalegre_3-1685467899984.png

     

     



  • 3.  RE: LDAPS Alarm - Identity Source LDAP Certificate is about to expire

    Posted May 30, 2023 07:12 PM

     - Thanks for the suggestion, but disabling the alert isn't an option, as this is a production environment and we still need it, just not for 42 days

    I'm looking for a way to change the 42 day alert threshold, to something more sensible, say 5 days, and wondered if anyone knows how to do that? 



  • 4.  RE: LDAPS Alarm - Identity Source LDAP Certificate is about to expire

    Posted May 31, 2023 06:36 AM

    Hello, 

    Since this cert of LDAPS comes from the Domain controller and as you mentioned it will be renewed on the Domain controller, I guess there is no way to suppress this alarm. 

     

    Regards

    Harry



  • 5.  RE: LDAPS Alarm - Identity Source LDAP Certificate is about to expire

    Posted May 31, 2023 11:19 AM

    Hi  

    As above, i'm not trying to suppress the alarm, i'm trying to reconfigure the alarm threshold, which is currently set to 42 days.

     

    Where the certificate comes from isn't relevant as i see it. All i wish to do is reduce the alarm threshold for the certificate expiry to a lower value, but can't see how to do it.



  • 6.  RE: LDAPS Alarm - Identity Source LDAP Certificate is about to expire

    Posted May 31, 2023 03:17 PM

    I understand , I don't see an option to change the alarm definition,

    Regards

    Harry