VMware vSphere


VMware vCenter 7.0.3 SSL certificate renewal request

  • 1.  VMware vCenter 7.0.3 SSL certificate renewal request

    Posted Oct 31, 2024 08:55 AM

    Hi Team,

    Our vCenter SSL certificate is going to expire.

    Please share the steps to renew the SSL certificate.

    Currently we are using a self-signed certificate.

    vCenter version: 7.0.3



  • 2.  RE: VMware vCenter 7.0.3 SSL certificate renewal request

    Posted Oct 31, 2024 02:27 PM

    https://knowledge.broadcom.com/external/article?legacyId=2097936

    I'm getting close to having to do mine again! 




  • 3.  RE: VMware vCenter 7.0.3 SSL certificate renewal request

    Posted Nov 01, 2024 08:28 AM

    I have done all these steps, I can log in to the server using 5480, but when I try to access vCenter, I get a '404 Not Found' error




  • 4.  RE: VMware vCenter 7.0.3 SSL certificate renewal request

    Posted Nov 01, 2024 11:21 AM

    That looks like a DNS issue, not a cert issue.




  • 5.  RE: VMware vCenter 7.0.3 SSL certificate renewal request

    Posted Nov 04, 2024 07:43 AM

    Hello again, I changed my DNS but the problem still persists. I would appreciate it if you could take a look via remote connection.




  • 6.  RE: VMware vCenter 7.0.3 SSL certificate renewal request

    Posted Nov 04, 2024 07:50 AM

    Hello again, I changed my DNS but the problem still persists. I would appreciate it if you could take a look via remote connection.




  • 7.  RE: VMware vCenter 7.0.3 SSL certificate renewal request

    Posted Nov 01, 2024 10:58 AM
    Edited by scale21 Nov 01, 2024 11:10 AM

    Same. Ours shows it expires in early 2025. I'd like to get this done but the documentation makes no sense. I show our machine cert and STS certs will expire in early 2025. The others are good until later... 2028 or 2030 I believe, but I'm lost on how to update those 2. I know if your STS certs expire you will have major issues.

    I can't find any clear instructions on how to update any of it.

    I see reply 2 has a link, but nowhere in it does it talk about renewing expiring certs. Only full replacement, which I'm not sure is the same thing. Also... I'd like to update the self-signed ones and not use external ones at this time.




  • 8.  RE: VMware vCenter 7.0.3 SSL certificate renewal request

    Posted Nov 01, 2024 11:37 AM

    Start with shutting down and taking a snapshot. I have linked vCenters so I have to take them both down and snap before beginning.

    Machine: https://knowledge.broadcom.com/external/article?legacyId=2097936

    The KB for Machine talks about running the certificate manager to replace the machine cert. 
    /usr/lib/vmware-vmca/bin/certificate-manager
    When I last did this, with the help of support, they instructed me to choose option 8. My notes from last time showed accepting all defaults with the exception of the value for hostname (FQDN). Note, this is if you are replacing the existing self-signed originally issued by your vCenter server. If you have one from a different CA, the process would be different.

    STS: https://knowledge.broadcom.com/external/article?legacyId=76719
    Last time I did STS, support directed me to the above KB. Note, my cert wasn't expired, I was told it's the same procedure for renewing. Download the fixsts script.

    To resolve the "Signing certificate is not valid" error:

    1. Download the attached fixsts.sh script from this article and upload to the impacted PSC or vCenter Server with Embedded PSC to the /tmp folder.

    2. If the connection to upload to the vCenter by the SCP client is rejected, run this from an SSH session to the vCenter:

       chsh -s /bin/bash

    3. Connect to the PSC or vCenter Server with an SSH session if you have not already per Step 2.

    4. Navigate to the /tmp directory:

       cd /tmp

    5. Run chmod +x fixsts.sh to make the file executable.

    6. Run ./fixsts.sh.

    7. Restart services on all vCenters and/or PSCs in your SSO domain by using the commands below:

       service-control --stop --all
       service-control --start --all
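
A way to confirm how long a certificate has left, before and after running the renewal steps above. This is an added example, not part of the thread or of the Broadcom KB articles. It assumes the machine and STS certificates have already been exported to PEM files (the file names are placeholders), that openssl and GNU date are available, and a 60-day warning threshold chosen for illustration.

```shell
#!/bin/sh
# Added example: report remaining lifetime of exported certificates.
# Assumptions: PEM files exported beforehand, openssl and GNU date installed,
# 60-day warning threshold (pick whatever fits your change window).

# secs_left "<notAfter line>" [now_epoch]
# Input is the line printed by `openssl x509 -noout -enddate`,
# e.g. "notAfter=Mar  1 12:00:00 2025 GMT". Prints seconds until expiry;
# a negative number means the certificate has already expired.
secs_left() {
    _end=${1#notAfter=}
    _now=${2:-$(date +%s)}
    _end_epoch=$(date -u -d "$_end" +%s) || return 2
    echo $(( $_end_epoch - $_now ))
}

# classify "<notAfter line>" <warn_days> [now_epoch]
# Prints "EXPIRED <days>", "WARN <days>" or "OK <days>".
classify() {
    _left=$(secs_left "$1" "${3:-}") || { echo "UNPARSEABLE"; return 2; }
    _days=$(( $_left / 86400 ))
    if [ "$_left" -le 0 ]; then
        echo "EXPIRED $_days"
    elif [ "$_left" -lt $(( $2 * 86400 )) ]; then
        echo "WARN $_days"
    else
        echo "OK $_days"
    fi
}

# check_pem <file> [warn_days]: read the end date from a PEM file and classify it.
check_pem() {
    _line=$(openssl x509 -in "$1" -noout -enddate) || {
        echo "$1: not a readable certificate"; return 2; }
    echo "$1: $(classify "$_line" "${2:-60}")"
}

# Usage: ./certdays.sh machine_ssl.pem sts_signing.pem   (placeholder names)
for pem in "$@"; do
    check_pem "$pem" 60
done
```

Running it against the same exported files after the renewal should show the day count jump; if it does not, the old certificate is still the one being exported.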




  • 9.  RE: VMware vCenter 7.0.3 SSL certificate renewal request

    Posted Nov 01, 2024 11:59 AM

    Thanks. I had read those 2 articles earlier. The STS one is for an expired cert, not one that hasn't expired. Are you saying the process is the same? That seems odd.

    Do these have to be done in any order? Should the STS ones be done before the machine one... or doesn't it matter? My machine cert expires sooner than my STS certs but only by a few months. I guess I'm not sure how these dates are not the same for all the certs. I'm guessing from various upgrades over the years maybe.

    I will say too that I have 2 trusted root CAs listed. One expires 10/2025 and the other one listed shows 2030. I suspect that the 2025 one might be an older legacy one from when we had an external PSC which has been decommed and removed per a previous upgrade as part of VMware's best practice to now run the PSC embedded again with vCenter. I can say that the listed "vmware certificate authority cert" shows that it doesn't expire until 2030 so I should be good there. I just need to worry about the machine and STS certs.

    Anyway... I can always try to lab this process for the cert renewal, but my lab shows all certs including the root showing the same date of 2031, so I'm not sure renewing anything will change the dates here or that it would be a good test.

    I wish they would make this process easier or at least make more sense. I'd hate to have issues here and not be able to get into vCenter in our production environment.




  • 10.  RE: VMware vCenter 7.0.3 SSL certificate renewal request

    Posted Nov 01, 2024 12:10 PM

    For STS, yes, same process for expiring. The article makes it sound like you do this process if the cert expired and you are having problems.

    I really don't think it matters which you replace first. Since you shut down to take a snapshot first, you may as well run through both processes.

    Agreed, it's not the clearest and the expirations make no sense. My older vCenter's machine cert was issued way back in 2015 when we had an external PSC. It's good for another year! My newer vCenter, I last replaced the machine cert in 2022. I think that vCenter was deployed about 6 years ago, my predecessor must have had to renew at the 2 year mark, then I did approaching 2 years ago. I've got a month to do this. 




  • 11.  RE: VMware vCenter 7.0.3 SSL certificate renewal request

    Posted Nov 01, 2024 12:22 PM

    Fun. Yeah, I inherited this environment so I don't have the complete history. I'm glad I caught these dates well in advance so we can create a plan before they expire. Thanks for the replies... and apologies to the OP for hijacking the thread for a bit. Hopefully this helps someone else as well.




  • 12.  RE: VMware vCenter 7.0.3 SSL certificate renewal request

    Broadcom Employee
    Posted Nov 14, 2024 01:11 PM

    Is the issue resolved?