vCenter update certs

Check which components have expired certificates

# List every VECS store and print each entry's alias and expiry date
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do
    echo "STORE $i"
    sudo /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store "$i" --text | grep -E "Alias|Not After"
done

Output

STORE MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : Jul 24 05:29:45 2023 GMT
STORE TRUSTED_ROOTS
Alias : ca6378753e13f38f2c78597723bbfbd2bdab5c70
Not After : Feb 12 06:34:52 2029 GMT
STORE TRUSTED_ROOT_CRLS
Alias : 66a9d0b33019168ebc8ab857f2d2e6d3f9ef7d02
STORE machine
Alias : machine
Not After : Jul 24 05:30:47 2023 GMT
STORE vsphere-webclient
Alias : vsphere-webclient
Not After : Jul 24 05:30:48 2023 GMT
STORE vpxd
Alias : vpxd
Not After : Jul 24 05:30:49 2023 GMT
STORE vpxd-extension
Alias : vpxd-extension
Not After : Jul 24 05:30:50 2023 GMT
STORE SMS
Alias : sms_self_signed
Not After : Feb 18 06:49:32 2029 GMT
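
As an added example (not part of the original post), the function below reads output in the STORE / Alias / Not After format shown above and prints the entries whose expiry is earlier than a cutoff. The names vecs_expired and sample_output and the YYYYMMDDHHMMSS cutoff format are assumptions of this example, and the sample input is constructed from the output above.

```shell
#!/bin/sh
# Added example: flag VECS entries whose "Not After" is earlier than a cutoff.
# stdin : text in the STORE / Alias / Not After format printed by the loop above
# $1    : cutoff as UTC YYYYMMDDHHMMSS (assumed format); defaults to the current time.
#         Pass a future value to list certificates that will have expired by then.
vecs_expired() {
    cutoff="${1:-$(date -u +%Y%m%d%H%M%S)}"
    awk -v cutoff="$cutoff" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = i
    }
    $1 == "STORE" { store = $2; alias = ""; next }
    $1 == "Alias" { alias = $NF; next }
    $1 == "Not" && $2 == "After" {
        # Drop the label so the fields are: Mon DD HH:MM:SS YYYY GMT
        sub(/^[^:]*:[ \t]*/, "")
        split($3, t, ":")
        stamp = sprintf("%04d%02d%02d%02d%02d%02d", $4, mon[$1], $2, t[1], t[2], t[3])
        # Fixed-width timestamps, so a string comparison orders them by time
        if ((stamp "") < (cutoff "")) print store, alias, stamp
    }'
}

# Constructed sample input, copied from part of the output shown above
sample_output() {
    cat <<'EOF'
STORE MACHINE_SSL_CERT
Alias : __MACHINE_CERT
Not After : Jul 24 05:29:45 2023 GMT
STORE TRUSTED_ROOTS
Alias : ca6378753e13f38f2c78597723bbfbd2bdab5c70
Not After : Feb 12 06:34:52 2029 GMT
STORE TRUSTED_ROOT_CRLS
Alias : 66a9d0b33019168ebc8ab857f2d2e6d3f9ef7d02
STORE vpxd
Alias : vpxd
Not After : Jul 24 05:30:49 2023 GMT
EOF
}

# Stand-alone run on the sample; on the appliance, pipe the loop above into vecs_expired
sample_output | vecs_expired 20240101000000
```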

Certificate signing configuration file

/usr/lib/vmware-vmca/share/config/certool.cfg
#
# Template file for a CSR request
#
# Country is needed and has to be 2 characters
Country = US
Name = CA
Organization = VMware
OrgUnit = VMware Engineering
State = California
Locality = Palo Alto
IPAddress = 192.168.1.250
Email = email@acme.com
Hostname = 192.168.1.250

Get the PNID

root@photon-machine [ ~ ]# /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost
192.168.1.250

Renew all certificates

/usr/lib/vmware-vmca/bin/certificate-manager

Summary

References for resolving expired certificates on vCenter 6.5:
https://kb.vmware.com/s/article/76719
https://kb.vmware.com/s/article/2097936
https://kb.vmware.com/s/article/2112283