In an environment with a vCenter Server Appliance (VCSA) 6.5.x, 6.7.x or vCenter Server 7.0.x, you experience these symptoms:
· The vmware-vpxd service fails to start.
· Logging in to the vSphere Client fails with the error:
HTTP Status 400 – Bad Request Message BadRequest, Signing certificate is not valid
To resolve the Signing certificate is not valid error:
1. Download the attached fixsts.sh script from this article and upload it to the /tmp folder on the impacted PSC or vCenter Server with Embedded PSC.
2. If the connection to upload to the vCenter by the SCP client is rejected, run this from an SSH session to the vCenter:
# chsh -s /bin/bash
3. Connect to the PSC or vCenter Server with an SSH session if you have not already per Step 2.
4. Navigate to the /tmp directory:
# cd /tmp
5. Make the file executable:
# chmod +x fixsts.sh
6. Run the script:
# ./fixsts.sh
7. Restart services on all vCenters and/or PSCs in your SSO domain by using the command below:
# service-control --stop --all && service-control --start --all
Note: Restart of services will fail if there are other expired certificates like Machine SSL or Solution User. Proceed with the next step to identify and replace expired certificates.
The following one-liner can determine other expired certificates for the vCenter Server Appliance:
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; sudo /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done
If the above does not work, run the command below from the vCenter shell:
/usr/lib/vmware-vmca/bin/certificate-manager
Choose option 8 and reset all certificates.
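An added example, not part of the original article or the fixsts.sh script: a shell function that reads the STORE / Alias / Not After lines printed by the one-liner above and marks each entry EXPIRED or ok instead of leaving the dates to be compared by eye. The sample listing and the reference time are constructed, and the exact spacing of real vecs-cli output is an assumption, so the parser accepts spaces or tabs around the colon.

```shell
#!/bin/sh
# Added example (not from the article or fixsts.sh).
# check_expiry NOW: NOW is a UTC time as YYYYMMDDHHMMSS; the listing is read
# from stdin. One line is printed per certificate: STATE STORE ALIAS NOT-AFTER.
check_expiry() {
    awk -v now="$1" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
        for (i = 1; i <= n; i++) mon[name[i]] = i
    }
    $1 == "STORE" { store = $2; alias = "?"; next }
    /^[ \t]*Alias[ \t]*:/ { sub(/^[^:]*:[ \t]*/, ""); alias = $0; next }
    /Not After[ \t]*:/ {
        sub(/^[^:]*:[ \t]*/, "")        # strip the "Not After :" label
        split($0, f, " ")                # f: Mon DD HH:MM:SS YYYY GMT
        split(f[3], t, ":")
        if (!(f[1] in mon)) { print "UNPARSED", store, alias, $0; next }
        stamp = sprintf("%04d%02d%02d%02d%02d%02d", f[4], mon[f[1]], f[2], t[1], t[2], t[3])
        # Fixed-width digit strings, so string order equals time order.
        state = ((stamp "") < (now "")) ? "EXPIRED" : "ok"
        print state, store, alias, $0
    }'
}

# Constructed sample in the shape the one-liner prints (assumed spacing).
SAMPLE='STORE MACHINE_SSL_CERT
Alias : __MACHINE_CERT
            Not After : Nov 16 10:44:01 2021 GMT
STORE TRUSTED_ROOTS
Alias : constructed-root-alias
            Not After : Mar  3 08:05:09 2031 GMT
STORE machine
Alias : machine
            Not After : Nov 16 10:44:01 2021 GMT'

# Demo against a fixed, constructed reference time (1 Jan 2024 00:00:00 UTC).
printf '%s\n' "$SAMPLE" | check_expiry 20240101000000

# On an appliance, pipe the one-liner into it with the current UTC time:
#   <one-liner> | check_expiry "$(date -u +%Y%m%d%H%M%S)"
```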