Welcome to vInsanity.uk

Just another Blog site 🙂

Certificate Status vCenter Alarm

by

Phil_w@outlook.com

Just a quick post to give details on how to fixed the Certificate Status alarm in vCenter.

Error Certificate Status in vCenter.

This was the VMware article used in the end:

https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-80C30209-028D-4F92-9551-CDB6B25A8403.html

Started off by running this command:

for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
vecs-cli store list

One of the commands above will give you a clue what certificate has expired, then list details of the store that it’s in (You need the Alias):

vecs-cli entry list --store <NameOfStore>

When i’d found an expired certificate, used the command below to remove it:

vecs-cli entry delete --store <NameOfStore> --alias <Alias>

It was simple in the end, however always make sure you have a vCenter snapshot first.

Leave a Reply

Your email address will not be published. Required fields are marked *

Categories

Archives

Tags

403 9000 Antrea automation AWS Bash blueprint Cert Certificate Disk space on SDDC Enabling VMware HA ESXi Failed Download Failed to deploy HCX health red identity manager invalid parameter Load balancing Migration MTU No Retry NSX NSX-T Orchestrator OVA import error Saltstack Tanzu ThrowableProxy.cause vCD vCenter VCF VCF 4.2 VM vmkping VMware VRA VRA8 vSphere vSphere8 VxRail VxRail Manager WIndows Workflows Workspace one