VMware vSphere

 View Only

  • 1.  vCenter Server 7.0 certificate expiry warning

    Posted Jan 04, 2023 08:20 AM

    My first post on here, hoping that someone could provide some assistance.

    Apologies if this is the wrong board to post in, I know it's probably not right, but unsure where exactly to post it.

    On our test rig we are running vCenter Server 7.0.1.00100 and on the main vCenter home page there is a warning for "Certificate Status"
    Using the information provided by this support article -
    https://kb.vmware.com/s/article/82332

    I was able to see that 2 certificates were due to expiry.

    1 was in the BACKUP_STORE store and I have removed that using information provided by -
    https://kb.vmware.com/s/article/68171

    The other certificate is wcp which is due to expiry on the 13th of January.

    I do not know what a wcp certificate is for or what the consequences are of the certificate expiring.

    Please could someone tell me what the wcp certificate is used for, what will happen when it expires and how to renew the certificate.

    Thanks.



  • 2.  RE: vCenter Server 7.0 certificate expiry warning

    Posted Jan 04, 2023 09:20 AM

    CAPW controller  is an abbreviation for Cluster API for Workload Control Plane (WCP) controller.  WCP is how VMware engineers refer to the capability enabled through the Supervisor Cluster.  The CAPW controller is the infrastructure specific implementation of Cluster API.

     

    Check also this article:

    Replace Solution User Certificates (Intermediate CA) (vmware.com) 

     

    And this one:

    WCP Service fails to start after replacing vCenter Server certificates (80588) (vmware.com)



  • 3.  RE: vCenter Server 7.0 certificate expiry warning

    Posted Jan 04, 2023 10:30 AM

    Thanks for this information it is very helpful.

    I have found the following article as well - 

    Where vSphere Uses Certificates (vmware.com)

    which states that 

    • wcp: VMware vSphere® with VMware Tanzu™ store.

    Now, we don't use VMware Tanzu in our environment but we do have an NSX-T.

    Do we know if the wcp certificate is related to the installation/deployment of the NSX-T?

    Also, does anyone know what will happen if the certificate expires?

    I recently renewed the __MACHINE_CERT successfully and no other certificates are due to expire, only the wcp one.

    Is it possible to just carry out the creation and deployment of the wcp certificate (as mentioned here Replace Solution User Certificates (Intermediate CA) (vmware.com)) without negatively affecting all the other certificates?



  • 4.  RE: vCenter Server 7.0 certificate expiry warning

    Posted Jan 04, 2023 08:58 PM

    If cert will expire you will lose access to your vCenter. 

    the only option will left - ssh session.



  • 5.  RE: vCenter Server 7.0 certificate expiry warning

    Posted Jan 04, 2023 09:32 AM

    As your post needs moving to the area for vCenter Server, I have reported it to the volunteer moderators.

    Once it has been moved, the path shown above your opening comment will change.