Certificate Status vCenter Alarm

Just a quick post to give details on how we fixed this alarm in vCenter.

This was the VMware article used in the end:

https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-80C30209-028D-4F92-9551-CDB6B25A8403.html

Started off by running this command:

for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
vecs-cli store list

One of the commands above will give you a clue what certificate has expired, then list details of the store that it’s in (You need the Alias):

vecs-cli entry list --store <NameOfStore>

When i’d found an expired certificate, used the command below to remove it:

vecs-cli entry delete --store <NameOfStore> --alias <Alias>

It was simple in the end, however always make sure you have a vCenter snapshot first.

Leave a Reply

Your email address will not be published. Required fields are marked *