vCenter

  • 1.  VMWARE VCSA7 Appliance and WSP certificate renewal

    Posted Nov 27, 2022 06:23 PM

    Hello,
    I want to ask if anyone has encountered a problem with VMware vSphere. I have several vSphere 7 machines as appliances. When renewing the certificate via

    /usr/lib/vmware-vmca/bin/certificate-manager

    3. Replace Machine SSL certificate with VMCA Certificate 


    The certificate was exchanged correctly.
    The only one that does not renew is the wcp service certificate.


    Could someone advise how to extend the wcp certificate?
    Thanks for the advice.

    Jan



  • 2.  RE: VMWARE VCSA7 Appliance and WSP certificate renewal

    Posted Nov 27, 2022 08:06 PM

    Have you checked the VMware articles?

    https://kb.vmware.com/s/article/80588 



  • 3.  RE: VMWARE VCSA7 Appliance and WSP certificate renewal

    Posted Nov 27, 2022 08:31 PM

    I tried that just now and anyway, even if everything goes correctly, the certificate is not extended according to the statement from

    root@localhost [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry getcert --store vpxd-extension --alias vpxd-extension --output /certificate/vpxd-extension.crt
    root@localhost [ ~ ]# /usr/lib/vmware-vmafd/bin/vecs-cli entry getkey --store vpxd-extension --alias vpxd-extension --output /certificate/vpxd-extension.key
    root@localhost [ ~ ]# python /usr/lib/vmware-vpx/scripts/updateExtensionCertInVC.py -e com.vmware.vim.eam -c /certificate/vpxd-extension.crt -k /certificate/vpxd-extension.key -s localhost -u Administrator@vsphere.local
    Password to connect to VC server for user="Administrator@vsphere.local":
    2022-11-27T20:20:34.290Z Updating certificate for "com.vmware.vim.eam" extension
    2022-11-27T20:20:34.475Z Successfully updated certificate for "com.vmware.vim.eam" extension
    2022-11-27T20:20:34.501Z Verified login to vCenter Server using certificate="/certificate/vpxd-extension.crt" is successful
    root@localhost [ ~ ]# service-control --stop vmware-eam
    Operation not cancellable. Please wait for it to finish...
    Performing stop operation on service eam...
    Successfully stopped service eam
    root@localhost [ ~ ]# service-control --start --all
    Operation not cancellable. Please wait for it to finish...
    Performing start operation on service lwsmd...
    Successfully started service lwsmd
    Performing start operation on service vmafdd...
    Successfully started service vmafdd
    Performing start operation on service vmdird...
    Successfully started service vmdird
    Performing start operation on service vmcad...
    Successfully started service vmcad
    Performing start operation on profile: ALL...
    Successfully started profile: ALL.
    Performing start operation on service observability...
    Successfully started service observability
    Performing start operation on service vmware-vdtc...
    Successfully started service vmware-vdtc
    Performing start operation on service vmware-pod...
    Successfully started service vmware-pod
    root@localhost [ ~ ]# for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo "Store: ${store}"; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store ${store} --text | grep -E 'Alias|Not After'; done
    Store: MACHINE_SSL_CERT
    Alias : __MACHINE_CERT
    Not After : Nov 14 06:54:07 2024 GMT
    Store: TRUSTED_ROOTS
    Alias : acb1e65697cee71c29c05a0925292204990c63c0
    Not After : May 23 08:40:12 2032 GMT
    Alias : b77b71b904ccb81332a2d573698d31456f893abc
    Not After : Nov 8 19:30:05 2032 GMT
    Store: TRUSTED_ROOT_CRLS
    Alias : 664479f1314f9cac731f22485299022521a97d06
    Alias : 5eb5e2cad8bc06f917bef01c43678164fe3f7034
    Store: machine
    Alias : machine
    Not After : May 23 08:40:12 2032 GMT
    Store: vsphere-webclient
    Alias : vsphere-webclient
    Not After : May 23 08:40:12 2032 GMT
    Store: vpxd
    Alias : vpxd
    Not After : May 23 08:40:12 2032 GMT
    Store: vpxd-extension
    Alias : vpxd-extension
    Not After : May 23 08:40:12 2032 GMT
    Store: hvc
    Alias : hvc
    Not After : May 23 08:40:12 2032 GMT
    Store: data-encipherment
    Alias : data-encipherment
    Not After : May 23 08:40:12 2032 GMT
    Store: APPLMGMT_PASSWORD
    Store: SMS
    Alias : sms_self_signed
    Not After : May 29 08:45:00 2032 GMT
    Store: wcp
    Alias : wcp
    Not After : May 28 08:37:11 2024 GMT
    Store: BACKUP_STORE
    Alias : bkp___MACHINE_CERT
    Not After : May 28 20:40:12 2024 GMT
    Alias : bkp_machine
    Not After : May 23 08:40:12 2032 GMT
    Alias : bkp_vsphere-webclient
    Not After : May 23 08:40:12 2032 GMT
    Alias : bkp_vpxd
    Not After : May 23 08:40:12 2032 GMT
    Alias : bkp_vpxd-extension
    Not After : May 23 08:40:12 2032 GMT
    Alias : bkp_hvc
    Not After : May 23 08:40:12 2032 GMT
    Alias : bkp_wcp
    Not After : May 28 08:37:11 2024 GMT
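
Added example, not part of the thread and not VMware's code: a small parser for the `Store:` / `Alias :` / `Not After :` listing produced by the vecs-cli loop in the post above, ranking entries by days left so a short-lived certificate such as `wcp` stands out from the 2032 ones. The sample lines are copied from that output; the function names, the 730-day default and the reference date (the post date) are assumptions.

```python
from datetime import datetime, timezone

# Sample input: a few lines in the shape of the vecs-cli loop output quoted in the post.
SAMPLE = """\
Store: MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : Nov 14 06:54:07 2024 GMT
Store: TRUSTED_ROOT_CRLS
Alias : 664479f1314f9cac731f22485299022521a97d06
Store: vpxd-extension
Alias : vpxd-extension
Not After : May 23 08:40:12 2032 GMT
Store: APPLMGMT_PASSWORD
Store: wcp
Alias : wcp
Not After : May 28 08:37:11 2024 GMT
"""

def parse_vecs_listing(text):
    """Return [(store, alias, not_after_utc)]; aliases without a Not After line (CRLs) are skipped."""
    entries, store, alias = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Store:"):
            store, alias = line.split(":", 1)[1].strip(), None
        elif line.startswith("Alias"):
            alias = line.split(":", 1)[1].strip()
        elif line.startswith("Not After") and store and alias:
            stamp = line.split(":", 1)[1].strip()
            when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y GMT")
            entries.append((store, alias, when.replace(tzinfo=timezone.utc)))
            alias = None  # one Not After per alias
    return entries

def expiring(entries, now, within_days=730):
    """Entries expiring within `within_days` of `now`, soonest first (negative days = already expired)."""
    hits = [(s, a, (when - now).days) for s, a, when in entries]
    return sorted((h for h in hits if h[2] <= within_days), key=lambda h: h[2])

if __name__ == "__main__":
    now = datetime(2022, 11, 27, tzinfo=timezone.utc)  # assumed reference date
    for store, alias, days in expiring(parse_vecs_listing(SAMPLE), now):
        print(f"{store}/{alias}: {days} days left")
```

On an appliance, feed it the saved output of the loop and use `datetime.now(timezone.utc)` as the reference date.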



  • 4.  RE: VMWARE VCSA7 Appliance and WSP certificate renewal

    Posted Nov 27, 2022 08:49 PM

    This is the first time I have seen such an error.
    What is your vCenter version?



  • 5.  RE: VMWARE VCSA7 Appliance and WSP certificate renewal

    Posted Nov 28, 2022 07:26 AM

    Version: 7.0.1
    Build: 17005016



  • 6.  RE: VMWARE VCSA7 Appliance and WSP certificate renewal

    Posted May 12, 2023 06:43 AM

    Before 7.0U2, the wcp certificate as well as the Machine SSL certificate expire in 2 years, so it was correctly updated to 2024 from 2022.



  • 7.  RE: VMWARE VCSA7 Appliance and WSP certificate renewal

    Broadcom Employee
    Posted Nov 27, 2022 09:14 PM

    As your post needs moving to a different area, I have reported it to the moderators.