Sometimes we have an expired certificate error in vCenter, but in reality, the certificates are all valid, it’s time to clear BACKUP_STORE.
Sometimes we receive alerts of expired certificates and they will check and all of them are correct, it’s time to check the backup store.
1- Check Certificates
/usr/lib/vmware-vmafd/bin/vecs-cli entry list –store BACKUP_STORE –text
2- Backup certificate
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vpxd-extension –output /certificates/bkp_vpxd-extension.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vpxd –output /certificates/bkp_vpxd.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_vsphere-webclient –output /certificates/bkp_vsphere-webclient.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp_machine –output /certificates/bkp_machine.crt
/usr/lib/vmware-vmafd/bin/vecs-cli entry getcert –store BACKUP_STORE –alias bkp___MACHINE_CERT –output /certificates/bkp___MACHINE_CERT.crt
3- Delete Certificates
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vpxd-extension -y
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vpxd -y
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_vsphere-webclient -y
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp_machine -y
/usr/lib/vmware-vmafd/bin/vecs-cli entry delete –store BACKUP_STORE –alias bkp___MACHINE_CERT -y
VMware created a script to help at https://kb.vmware.com/s/article/82560
Be First to Comment