Hello Lalegre,
I just checked both PSCs. On PSC01, under the path /etc/vmware/vmware-vmafd, both machine-ssl.crt and machine-ssl.key are missing; on the other one, PSC02, both of them exist. Both PSCs have the ca.crt.
The thing now is that when I ran the wizard before, I chose number 4, and now the ca.crt has been replaced with a new one...
[ /storage/certmanager ]# /usr/lib/vmware-vmca/bin/certificate-manager
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| *** Welcome to the vSphere 6.5 Certificate Manager *** |
| |
| -- Select Operation -- |
| |
| 1. Replace Machine SSL certificate with Custom Certificate |
| |
| 2. Replace VMCA Root certificate with Custom Signing |
| Certificate and replace all Certificates |
| |
| 3. Replace Machine SSL certificate with VMCA Certificate |
| |
| 4. Regenerate a new VMCA Root Certificate and |
| replace all certificates |
| |
| 5. Replace Solution user certificates with |
| Custom Certificate |
| |
| 6. Replace Solution user certificates with VMCA certificates |
| |
| 7. Revert last performed operation by re-publishing old |
| certificates |
| |
| 8. Reset all Certificates |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
The problem now is that the wizard is not running...
[ /storage/certmanager ]# /usr/lib/vmware-vmca/bin/certificate-manager
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
| |
| *** Welcome to the vSphere 6.5 Certificate Manager *** |
| |
| -- Select Operation -- |
| |
| 1. Replace Machine SSL certificate with Custom Certificate |
| |
| 2. Replace VMCA Root certificate with Custom Signing |
| Certificate and replace all Certificates |
| |
| 3. Replace Machine SSL certificate with VMCA Certificate |
| |
| 4. Regenerate a new VMCA Root Certificate and |
| replace all certificates |
| |
| 5. Replace Solution user certificates with |
| Custom Certificate |
| |
| 6. Replace Solution user certificates with VMCA certificates |
| |
| 7. Revert last performed operation by re-publishing old |
| certificates |
| |
| 8. Reset all Certificates |
|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 3
Please provide valid SSO and VC priviledged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:administrator@domain.local
Enter password:
Traceback (most recent call last):
  File "/usr/lib/vmware-vmca/bin/certificate-manager", line 716, in <module>
    exit(main())
  File "/usr/lib/vmware-vmca/bin/certificate-manager", line 710, in main
    parse_arguments()
  File "/usr/lib/vmware-vmca/bin/certificate-manager", line 701, in parse_arguments
    get_machine_ssl_cert_to_dir()
  File "/usr/lib/vmware-vmca/bin/certificate-manager", line 573, in get_machine_ssl_cert_to_dir
    vecs.get_cert_file(Constants.MACHINE_SSL_STORE, Constants.MACHINE_SSL_ALIAS, oldcert)
  File "/usr/lib/vmware/site-packages/cis/certificateManagerOps.py", line 438, in get_cert_file
    raise e
cis.exceptions.InvokeCommandException: {
    "resolution": null,
    "detail": [
        {
            "args": [
                ""
            ],
            "id": "install.ciscommon.command.errinvoke",
            "localized": "An error occurred while invoking external command : ''",
            "translatable": "An error occurred while invoking external command : '%(0)s'"
        },
        "Error while creating backup cert file for MACHINE_SSL_CERT"
    ],
    "componentKey": null,
    "problemId": null
}
As I mentioned in my previous post, I followed the link below, but it didn't work:
I found a VMware article which suggests deleting and re-creating the directory for the backup/VMware certs, but it didn't work. https://kb.vmware.com/s/article/67660
To summarize the steps now:
- Fix the PSC01 wizard and re-create the self-signed certificate - I am looking into how to fix the wizard and re-create the self-signed certificate
- Update the expired self-signed certificate on PSC02 - I need to find out how to update the expired self-signed certificate
- Update the self-signed certificate from PSC01 to VCSA - I need to find out how to update the self-signed certificate on VCSA