{"id":2419,"date":"2025-04-29T21:33:26","date_gmt":"2025-04-29T12:33:26","guid":{"rendered":"http:\/\/nsb.homeip.net\/wp\/?p=2419"},"modified":"2025-11-12T20:37:19","modified_gmt":"2025-11-12T11:37:19","slug":"vmware-vcenter-vcsa%e3%81%ae%e8%a8%bc%e6%98%8e%e6%9b%b8%e3%81%ab%e3%81%a4%e3%81%84%e3%81%a6%e3%81%ae%e5%82%99%e5%bf%98%e9%8c%b2","status":"publish","type":"post","link":"https:\/\/nsb.homeip.net\/wp\/?p=2419","title":{"rendered":"VMware vCenter\/vCSA\u306e\u8a3c\u660e\u66f8\u66f4\u65b0\u306b\u3064\u3044\u3066\u306e\u5099\u5fd8\u9332"},"content":{"rendered":"\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_83 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/nsb.homeip.net\/wp\/?p=2419\/#VMware_vCentervCSA%E3%81%AE%E8%A8%BC%E6%98%8E%E6%9B%B8%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6%E3%81%AE%E5%82%99%E5%BF%98%E9%8C%B2%E3%81%A7%E3%81%99%E3%80%82\" >VMware vCenter\/vCSA\u306e\u8a3c\u660e\u66f8\u306b\u3064\u3044\u3066\u306e\u5099\u5fd8\u9332\u3067\u3059\u3002<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/nsb.homeip.net\/wp\/?p=2419\/#vCSA%E3%81%A7%E3%81%AE%E8%A8%BC%E6%98%8E%E6%9B%B8%E6%9C%9F%E9%99%90%E7%A2%BA%E8%AA%8D%E3%82%B3%E3%83%9E%E3%83%B3%E3%83%89\" >vCSA\u3067\u306e\u8a3c\u660e\u66f8\u671f\u9650\u78ba\u8a8d(\u30b3\u30de\u30f3\u30c9)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/nsb.homeip.net\/wp\/?p=2419\/#vCSA%E3%81%A7%E6%9C%9F%E9%99%90%E5%88%87%E3%82%8C%E3%81%AE%E3%83%87%E3%83%BC%E3%82%BF%E6%9A%97%E5%8F%B7%E5%8C%96%E8%A8%BC%E6%98%8E%E6%9B%B8%E3%82%92%E7%BD%AE%E3%81%8D%E6%8F%9B%E3%81%88%E3%82%8B%E6%96%B9%E6%B3%95fix_encipherment_certsh\" >vCSA\u3067\u671f\u9650\u5207\u308c\u306e\u30c7\u30fc\u30bf\u6697\u53f7\u5316\u8a3c\u660e\u66f8\u3092\u7f6e\u304d\u63db\u3048\u308b\u65b9\u6cd5[fix_encipherment_cert.sh]<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/nsb.homeip.net\/wp\/?p=2419\/#%E5%AE%9F%E8%A1%8C%E5%BE%8C%E7%A2%BA%E8%AA%8D%E3%82%B3%E3%83%9E%E3%83%B3%E3%83%89\" >\u5b9f\u884c\u5f8c\u78ba\u8a8d[\u30b3\u30de\u30f3\u30c9]<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/nsb.homeip.net\/wp\/?p=2419\/#STS%E8%A8%BC%E6%98%8E%E6%9B%B8%E3%81%AE%E7%A2%BA%E8%AA%8D%E3%82%B3%E3%83%9E%E3%83%B3%E3%83%89checkstspy\" >STS\u8a3c\u660e\u66f8\u306e\u78ba\u8a8d\u30b3\u30de\u30f3\u30c9[checksts.py]<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/nsb.homeip.net\/wp\/?p=2419\/#%E8%A8%BC%E6%98%8E%E6%9B%B8%E7%A2%BA%E8%AA%8D%EF%BC%86%E6%9C%9F%E9%99%90%E5%88%87%E3%82%8C%E3%81%AE%E3%82%82%E3%81%AE%E3%81%AE%E3%81%BF%E6%9B%B4%E6%96%B0fixcerts_3_2py\" >\u8a3c\u660e\u66f8\u78ba\u8a8d\uff06\u671f\u9650\u5207\u308c\u306e\u3082\u306e\u306e\u307f\u66f4\u65b0[fixcerts_3_2.py]<\/a><\/li><\/ul><\/nav><\/div>\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"VMware_vCentervCSA%E3%81%AE%E8%A8%BC%E6%98%8E%E6%9B%B8%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6%E3%81%AE%E5%82%99%E5%BF%98%E9%8C%B2%E3%81%A7%E3%81%99%E3%80%82\"><\/span>VMware vCenter\/vCSA\u306e\u8a3c\u660e\u66f8\u306b\u3064\u3044\u3066\u306e\u5099\u5fd8\u9332\u3067\u3059\u3002<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>vCenter\u304c\u5185\u90e8\u3067\u4f7f\u3063\u3066\u3044\u308b\u8a3c\u660e\u66f8\u306b\u306f\u671f\u9650\u304c\u3042\u308b\u306e\u3067\u6ce8\u610f\u3057\u307e\u3057\u3087\u3046<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>\uff08\u53c2\u8003\u30b5\u30a4\u30c8\uff09<\/p>\n\n\n\n<p>Determining expired SSL certificates in vCenter Server and ESXi 6.x, 7.0, and 8.0<br \/>[\u78ba\u8a8d\u30b3\u30de\u30f3\u30c9](vCenter&amp;vCSA6.x\/7.0\/8.0)<br \/><a href=\"https:\/\/knowledge.broadcom.com\/external\/article?legacyId=2015600\">https:\/\/knowledge.broadcom.com\/external\/article?legacyId=2015600<\/a><\/p>\n\n\n\n<p>vCenter Server \u3067\u671f\u9650\u5207\u308c\u306e\u30c7\u30fc\u30bf\u6697\u53f7\u5316\u8a3c\u660e\u66f8\u3092\u7f6e\u304d\u63db\u3048\u308b\u65b9\u6cd5[fix_encipherment_cert.sh](vCSA6.7\/7.0\/8.0)<br \/><a href=\"https:\/\/knowledge.broadcom.com\/external\/article\/324602\/vcenter-server.html\">https:\/\/knowledge.broadcom.com\/external\/article\/324602\/vcenter-server.html<\/a><br \/><a href=\"https:\/\/knowledge.broadcom.com\/external\/article\/312152\">https:\/\/knowledge.broadcom.com\/external\/article\/312152<\/a><\/p>\n\n\n\n<p>Checking Expiration of STS Certificate on vCenter Servers<br \/>[checksts.py](vCSA6.5\/6.7\/7.0\/8.0)<br \/><a href=\"https:\/\/knowledge.broadcom.com\/external\/article?legacyId=79248\">https:\/\/knowledge.broadcom.com\/external\/article?legacyId=79248<\/a><\/p>\n\n\n\n<p>vCert &#8211; Scripted vCenter Expired Certificate Replacement<br \/>[vCert-6.0.0-20250218.zip](vCSA7.0\/8.0)<br \/><a href=\"https:\/\/knowledge.broadcom.com\/external\/article\/385107\">https:\/\/knowledge.broadcom.com\/external\/article\/385107<\/a><\/p>\n\n\n\n<p>Replace certificates on vCenter server using the Fixcerts script<br \/>[fixcerts_3_2.py](vCSA6.5?\/6.7\/7.0\/8.0)<br \/><a href=\"https:\/\/knowledge.broadcom.com\/external\/article?legacyId=90561\">https:\/\/knowledge.broadcom.com\/external\/article?legacyId=90561<\/a><\/p>\n\n\n\n<p>vCenter Server \u8a3c\u660e\u66f8\u6709\u52b9\u671f\u9650\u4e00\u89a7<br \/><a href=\"https:\/\/ss-engineer.com\/certificate-expiration\/\">https:\/\/ss-engineer.com\/certificate-expiration\/<\/a><\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"vCSA%E3%81%A7%E3%81%AE%E8%A8%BC%E6%98%8E%E6%9B%B8%E6%9C%9F%E9%99%90%E7%A2%BA%E8%AA%8D%E3%82%B3%E3%83%9E%E3%83%B3%E3%83%89\"><\/span>vCSA\u3067\u306e\u8a3c\u660e\u66f8\u671f\u9650\u78ba\u8a8d(\u30b3\u30de\u30f3\u30c9)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>login as: root<br \/>Pre-authentication banner message from server:<br \/>|<br \/>| VMware vCenter Server Appliance 6.7.0.57000<br \/>|<br \/>| Type: vCenter Server with an embedded Platform Services Controller<br \/>|<br \/>End of banner message from server<br \/>root@192.168.29.239&#8217;s password:<br \/>root@VMVC02 [ ~ ]#<br \/>root@VMVC02 [ ~ ]# <strong><em>for store in $(\/usr\/lib\/vmware-vmafd\/bin\/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo &#8220;[*] Store :&#8221; $store; \/usr\/lib\/vmware-vmafd\/bin\/vecs-cli entry list &#8211;store $store &#8211;text | grep -ie &#8220;Alias&#8221; -ie &#8220;Not After&#8221;;done;<\/em><\/strong><\/p>\n\n\n\n<p>[*] Store : MACHINE_SSL_CERT <br \/> Alias : __MACHINE_CERT<br \/> Not After : Oct 17 12:40:28 2032 GMT <br \/><br \/>[*] Store : TRUSTED_ROOTS<br \/> Alias : c8dd07a7f9cfbc4bea5701c8bddb60725967097e<br \/> Not After : Oct 17 12:40:28 2032 GMT<br \/> Alias : 6ba8680640749e80b8a22b6310e84b02138ae3b6<br \/> Not After : Oct 17 05:41:28 2032 GMT<br \/> Alias : 0144e02afc00c5c248de17cd12e1cb73f724b486<br \/> Not After : Oct 17 12:40:28 2032 GMT<br \/> Alias : 9d5b6377daad48bd8a288521f6105eae4bb005ae<br \/> Not After : Oct 21 05:50:21 2034 GMT<br \/> Alias : 210ef2ef8e060395d6ce4a966faf6c1cc5975928<br \/> Not After : Oct 21 06:11:24 2034 GMT<br \/> Alias : 19ddd27358ea587355e7c6a81efb4e45f5d0d8fe<br \/> Not After : Oct 21 06:32:51 2034 GMT<br \/> Alias : 02c04eb51e909e7bd990c751b913a8ccc63fb1cb<br \/> Not After : Oct 21 06:41:11 2034 GMT<br \/> Alias : 44aad666b55fd595592db0e45ca4866f6aa1c912<br \/> Not After : Oct 21 07:07:45 2034 GMT<br \/> Alias : a18db13a69140b00e602b07f558c00a552c509b3<br \/> Not After : Oct 21 07:14:57 2034 GMT<br \/> Alias : 37f01cccfe06c5a9862d9ae813644a00af3149bd<br \/> Not After : Oct 21 07:52:09 2034 GMT<br \/> Alias : 18bcf7ed18b8aba1ede7725ff5545142a3bcad71<br \/> Not After : Oct 21 09:26:28 2034 GMT<br \/><br \/>[*] Store : machine <br \/> Alias : machine <br \/> Not After : Oct 17 12:40:28 2032 GMT<br \/><br \/>[*] Store : vsphere-webclient<br \/> Alias : vsphere-webclient<br \/> Not After : Oct 17 12:40:28 2032 GMT<br \/><br \/>[*] Store : vpxd Alias : vpxd<br \/> Not After : Oct 17 12:40:28 2032 GMT <br \/><br \/>[*] Store : vpxd-extension<br \/> Alias : vpxd-extension<br \/> Not After : Oct 17 12:40:28 2032 GMT<br \/><br \/>[*] Store : SMS Alias : sms_self_signed<br \/> Not After : Oct 23 12:48:54 2032 GMT [] Store : STS_INTERNAL_SSL_CERT<br \/> Alias : __MACHINE_CERT<br \/> Not After : Oct 17 12:40:28 2032 GMT<br \/><br \/>[*] Store : APPLMGMT_PASSWORD<br \/> Alias : location_password_default <br \/>[*] Store : data-encipherment<br \/> Alias : data-encipherment<br \/> Not After : Oct 22 13:38:20 2024 GMT<br \/>root@VMVC02 [ ~ ]#<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"vCSA%E3%81%A7%E6%9C%9F%E9%99%90%E5%88%87%E3%82%8C%E3%81%AE%E3%83%87%E3%83%BC%E3%82%BF%E6%9A%97%E5%8F%B7%E5%8C%96%E8%A8%BC%E6%98%8E%E6%9B%B8%E3%82%92%E7%BD%AE%E3%81%8D%E6%8F%9B%E3%81%88%E3%82%8B%E6%96%B9%E6%B3%95fix_encipherment_certsh\"><\/span>vCSA\u3067\u671f\u9650\u5207\u308c\u306e\u30c7\u30fc\u30bf\u6697\u53f7\u5316\u8a3c\u660e\u66f8\u3092\u7f6e\u304d\u63db\u3048\u308b\u65b9\u6cd5[fix_encipherment_cert.sh]<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>login as: root<br \/>Pre-authentication banner message from server:<br \/>|<br \/>| VMware vCenter Server Appliance 6.7.0.57000<br \/>|<br \/>| Type: vCenter Server with an embedded Platform Services Controller<br \/>|<br \/>End of banner message from server<br \/>root@192.168.29.239&#8217;s password:<br \/>Last login: Tue Apr 29 14:50:00 2025 from 192.168.29.88<br \/>root@VMVC02 [ ~ ]# <strong><em>ls<\/em><\/strong><br \/>cert<br \/>root@VMVC02 [ ~ ]# <strong><em>cd cert\/<\/em><\/strong><br \/>root@VMVC02 [ ~\/cert ]#<strong><em> ls<\/em><\/strong><br \/>0685G00000of3ouQAA_fix_encipherment_cert.sh vCert-6.0.0-20250218.zip<br \/>root@VMVC02 [ ~\/cert ]#<br \/>root@VMVC02 [ ~\/cert ]#<br \/>root@VMVC02 [ ~\/cert ]# <strong><em>chmod +x 0685G00000of3ouQAA_fix_encipherment_cert.sh<\/em><\/strong><br \/>root@VMVC02 [ ~\/cert ]# <strong><em>.\/0685G00000of3ouQAA_fix_encipherment_cert.sh<\/em><\/strong><\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-constrained wp-block-group-is-layout-constrained\">\n<p>Replacing Certificate in data-encipherment VECS Store<\/p>\n\n\n\n<p>Detected PNID: VMVC02.nsb.homeip.net<\/p>\n\n\n\n<p>Detected PSC: VMVC02.nsb.homeip.net<\/p>\n\n\n\n<p>Taking backup of old certificate and private key to \/tmp directory<\/p>\n\n\n\n<p>Deleting the existing certificate from the VECS store<br \/>Deleted entry with alias [data-encipherment] in store [data-encipherment] successfully<\/p>\n\n\n\n<p>Generating new certificate using the existing private key and add to the VECS store<br \/>Status : Success<\/p>\n\n\n\n<p>Listing the new certificate in VECS Store<br \/>Alias : data-encipherment<br \/>Serial Number:<br \/>Not Before: Apr 29 06:02:01 2025 GMT<br \/>Not After : Apr 29 06:02:01 2027 GMT<br \/>Subject: CN=data-encipherment, DC=vsphere, DC=local, C=US, OU=mID-c9b2f80b-349e-4eb9-9340-482e26305710<br \/><br \/>**********************************************************************************<\/p>\n\n\n\n<p>Completed the script execution, please follow the manual steps in case the script fails to replace the Certificate<\/p>\n\n\n\n<p>VPXD Service needs to be restarted for the changes to take effect, otherwise Guest OS Customizations might fail<br \/>Please execute following command to restart the service:<\/p>\n\n\n\n<p>service-control &#8211;stop vpxd &amp;&amp; service-control &#8211;start vpxd<br \/><br \/>**********************************************************************************<\/p>\n<\/div><\/div>\n\n\n\n<p>root@VMVC02 [ ~\/cert ]#<br \/>root@VMVC02 [ ~\/cert ]#<br \/>root@VMVC02 [ ~\/cert ]# service-control &#8211;stop vpxd<br \/>Operation not cancellable. Please wait for it to finish\u2026<br \/>Performing stop operation on service vpxd\u2026<br \/>Successfully stopped service vpxd<br \/>root@VMVC02 [ ~\/cert ]#<br \/>root@VMVC02 [ ~\/cert ]# \/usr\/sbin\/vpxd -g<br \/>\/usr\/lib\/vmware-vpx\/vpxd: invalid option &#8212; &#8216;g&#8217;<br \/>Usage: \/usr\/lib\/vmware-vpx\/vpxd [FLAGS]<br \/>Flags:<br \/>-b Recreate database repository<br \/>-v Print the version number to stdout<br \/>-p Reset the database password<br \/>-f cfg Use the specified file instead of the default vpxd.cfg<br \/>-o newSchemaOwner Use the specified schema name to create database repository in SQL server<br \/>-C install new SSL certificate file<br \/>-F Force Full Host Sync for all hosts<br \/>-K install new SSL private key file<br \/>-Q install new Symmetric encryption keygen data file<br \/>root@VMVC02 [ ~\/cert ]# \/usr\/sbin\/vpxd -v<br \/>VMware VirtualCenter 6.7.0 build-24264277<br \/>root@VMVC02 [ ~\/cert ]# service-control &#8211;start vpxd<br \/>Operation not cancellable. Please wait for it to finish\u2026<br \/>Performing start operation on service vpxd\u2026<br \/>Successfully started service vpxd<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E5%AE%9F%E8%A1%8C%E5%BE%8C%E7%A2%BA%E8%AA%8D%E3%82%B3%E3%83%9E%E3%83%B3%E3%83%89\"><\/span>\u5b9f\u884c\u5f8c\u78ba\u8a8d[\u30b3\u30de\u30f3\u30c9]<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>root@VMVC02 [ ~\/cert ]# <strong><em>for store in $(\/usr\/lib\/vmware-vmafd\/bin\/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo &#8220;[] Store :&#8221; $store; \/usr\/lib\/vmware-vmafd\/bin\/vecs-cli entry list &#8211;store $store &#8211;text | grep -ie &#8220;Alias&#8221; -ie &#8220;Not After&#8221;;done; <\/em><\/strong><br \/><br \/>[*] Store : MACHINE_SSL_CERT<br \/> Alias : __MACHINE_CERT<br \/> Not After : Oct 17 12:40:28 2032 GMT<br \/>[*] Store : TRUSTED_ROOTS<br \/> Alias : c8dd07a7f9cfbc4bea5701c8bddb60725967097e<br \/> Not After : Oct 17 12:40:28 2032 GMT<br \/> Alias : 6ba8680640749e80b8a22b6310e84b02138ae3b6<br \/> Not After : Oct 17 05:41:28 2032 GMT<br \/> Alias : 0144e02afc00c5c248de17cd12e1cb73f724b486<br \/> Not After : Oct 17 12:40:28 2032 GMT<br \/> Alias : 9d5b6377daad48bd8a288521f6105eae4bb005ae<br \/> Not After : Oct 21 05:50:21 2034 GMT<br \/> Alias : 210ef2ef8e060395d6ce4a966faf6c1cc5975928<br \/> Not After : Oct 21 06:11:24 2034 GMT<br \/> Alias : 19ddd27358ea587355e7c6a81efb4e45f5d0d8fe<br \/> Not After : Oct 21 06:32:51 2034 GMT<br \/> Alias : 02c04eb51e909e7bd990c751b913a8ccc63fb1cb<br \/> Not After : Oct 21 06:41:11 2034 GMT<br \/> Alias : 44aad666b55fd595592db0e45ca4866f6aa1c912<br \/> Not After : Oct 21 07:07:45 2034 GMT<br \/> Alias : a18db13a69140b00e602b07f558c00a552c509b3<br \/> Not After : Oct 21 07:14:57 2034 GMT<br \/> Alias : 37f01cccfe06c5a9862d9ae813644a00af3149bd<br \/> Not After : Oct 21 07:52:09 2034 GMT<br \/> Alias : 18bcf7ed18b8aba1ede7725ff5545142a3bcad71<br \/> Not After : Oct 21 09:26:28 2034 GMT<br \/>[*] Store : machine<br \/> Alias : machine<br \/> Not After : Oct 17 12:40:28 2032 GMT<br \/>[*] Store : vsphere-webclient<br \/> Alias : vsphere-webclient<br \/> Not After : Oct 17 12:40:28 2032 GMT <br \/>[*] Store : vpxd<br \/> Alias : vpxd<br \/> Not After : Oct 17 12:40:28 2032 GMT<br \/>[*] Store : vpxd-extension<br \/> Alias : vpxd-extension<br \/> Not After : Oct 17 12:40:28 2032 GMT <br \/>[*] Store : SMS<br \/> Alias : sms_self_signed<br \/> Not After : Oct 23 12:48:54 2032 GMT<br \/>[*] Store : STS_INTERNAL_SSL_CERT<br \/> Alias : __MACHINE_CERT<br \/> Not After : Oct 17 12:40:28 2032 GMT <br \/>[*] Store : APPLMGMT_PASSWORD<br \/> Alias : location_password_default<br \/>[*] Store : data-encipherment<br \/> Alias : data-encipherment<br \/><strong> Not After : Apr 29 06:02:01 2027 GMT<\/strong><br \/>root@VMVC02 [ ~\/cert ]#<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"STS%E8%A8%BC%E6%98%8E%E6%9B%B8%E3%81%AE%E7%A2%BA%E8%AA%8D%E3%82%B3%E3%83%9E%E3%83%B3%E3%83%89checkstspy\"><\/span>STS\u8a3c\u660e\u66f8\u306e\u78ba\u8a8d\u30b3\u30de\u30f3\u30c9[checksts.py]<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>root@VMVC02 [ ~ ]# <strong><em>cd cert\/<\/em><\/strong><br \/>fix_encipherment_cert.sh vCert-6.0.0-20250218.zip<br \/>root@VMVC02 [ ~\/cert ]# <strong><em>ls -al<\/em><\/strong><br \/>total 204<br \/>drwxr-xr-x 3 root root 4096 Apr 29 16:40 .<br \/>drwx&#8212;&#8212; 5 root root 4096 Apr 29 14:58 ..<br \/>-rw-r&#8211;r&#8211; 1 root root 8042 Apr 29 16:38 checksts.py<br \/>-rwxr-xr-x 1 root root 2225 Apr 29 14:57 fix_encipherment_cert.sh<br \/>drwxr-xr-x 5 root root 4096 Feb 19 03:11 vCert-6.0.0-20250218<br \/>-rw-r&#8211;r&#8211; 1 root root 183601 Apr 29 14:44 vCert-6.0.0-20250218.zip<br \/>root@VMVC02 [ ~\/cert ]# <strong><em>chmod +x checksts.py<\/em><\/strong><br \/>root@VMVC02 [ ~\/cert ]# .<strong>\/checksts.py<\/strong><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>3 VALID CERTS<\/p>\n\n\n\n<p>    LEAF CERTS:\n\n    [] Certificate 3B:C3:CE:D0:C1:A5:BF:BF:42:48:2F:05:DF:3B:3E:7F:FD:A3:96:                                                                                         4F will expire in 2728 days (7 years).\n\n    ROOT CERTS:\n\n    [] Certificate 6B:A8:68:06:40:74:9E:80:B8:A2:2B:63:10:E8:4B:02:13:8A:E3:                                                                                         B6 will expire in 2728 days (7 years).\n    [] Certificate C8:DD:07:A7:F9:CF:BC:4B:EA:57:01:C8:BD:DB:60:72:59:67:09:                                                                                         7E will expire in 2728 days (7 years).<\/p>\n\n\n\n<p>1 EXPIRED CERTS<\/p>\n\n\n\n<p>    LEAF CERTS:\n\n    [] Certificate: E6:28:BE:51:07:BE:C9:38:FE:FE:09:D8:53:99:3A:ED:3B:3B:AC                                                                                         :F9 expired on 2024-10-22 05:31:39 GMT!\n\n    ROOT CERTS:\n\n    None\n\nWARNING!\nYou have expired STS certificates.  Please follow the KB corresponding to yo                                                                                         ur OS:\nVCSA:  https:\/\/kb.vmware.com\/s\/article\/76719\nWindows:  https:\/\/kb.vmware.com\/s\/article\/79263<\/p>\n\n\n\n<p>root@VMVC02 [ ~\/cert ]#<br \/>root@VMVC02 [ ~\/cert ]#<\/p>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E8%A8%BC%E6%98%8E%E6%9B%B8%E7%A2%BA%E8%AA%8D%EF%BC%86%E6%9C%9F%E9%99%90%E5%88%87%E3%82%8C%E3%81%AE%E3%82%82%E3%81%AE%E3%81%AE%E3%81%BF%E6%9B%B4%E6%96%B0fixcerts_3_2py\"><\/span>\u8a3c\u660e\u66f8\u78ba\u8a8d\uff06\u671f\u9650\u5207\u308c\u306e\u3082\u306e\u306e\u307f\u66f4\u65b0[fixcerts_3_2.py]<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>root@VMVC02 [ ~\/cert ]# <strong><em>.\/fixcerts_3_2.py replace &#8211;certType expired_only<\/em><\/strong><br \/>Please enter the password for administrator@vsphere.local to proceed further :<\/p>\n\n\n\n<p>Validity of Certificates:<br \/>+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-+<br \/>| CertificateType | Validity(UTC) |<br \/>+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-+<br \/>| MACHINE_SSL_CERT | Oct 17 12:40:28 2032 |<br \/>| machine | Oct 17 12:40:28 2032 |<br \/>| vsphere-webclient | Oct 17 12:40:28 2032 |<br \/>| vpxd | Oct 17 12:40:28 2032 |<br \/>| vpxd-extension | Oct 17 12:40:28 2032 |<br \/>| SMS | Oct 23 12:48:54 2032 |<br \/>| STS_INTERNAL_SSL_CERT | Oct 17 12:40:28 2032 |<br \/>| data-encipherment | Apr 29 06:02:01 2027 |<br \/>| Signing Cert (STS) | Oct 17 12:40:28 2032 |<br \/>+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-+<br \/>+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-+&#8212;&#8212;&#8211;+<br \/>| TRUSTED_ROOTS_Alias | Validity(UTC) | Type |<br \/>+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-+&#8212;&#8212;&#8211;+<br \/>| c8dd07a7f9cfbc4bea5701c8bddb60725967097e | Oct 17 12:40:28 2032 | CA |<br \/>| 6ba8680640749e80b8a22b6310e84b02138ae3b6 | Oct 17 05:41:28 2032 | CA |<br \/>| 0144e02afc00c5c248de17cd12e1cb73f724b486 | Oct 17 12:40:28 2032 | Non-CA |<br \/>| 9d5b6377daad48bd8a288521f6105eae4bb005ae | Oct 21 05:50:21 2034 | CA |<br \/>| 210ef2ef8e060395d6ce4a966faf6c1cc5975928 | Oct 21 06:11:24 2034 | CA |<br \/>| 19ddd27358ea587355e7c6a81efb4e45f5d0d8fe | Oct 21 06:32:51 2034 | CA |<br \/>| 02c04eb51e909e7bd990c751b913a8ccc63fb1cb | Oct 21 06:41:11 2034 | CA |<br \/>| 44aad666b55fd595592db0e45ca4866f6aa1c912 | Oct 21 07:07:45 2034 | CA |<br \/>| a18db13a69140b00e602b07f558c00a552c509b3 | Oct 21 07:14:57 2034 | CA |<br \/>| 37f01cccfe06c5a9862d9ae813644a00af3149bd | Oct 21 07:52:09 2034 | CA |<br \/>| 18bcf7ed18b8aba1ede7725ff5545142a3bcad71 | Oct 21 09:26:28 2034 | CA |<br \/>+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;+&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-+&#8212;&#8212;&#8211;+<\/p>\n\n\n\n<p>There are NO EXPIRED CERTIFICATES on this vCenter Server, hence DID NOT replace any Certificates.<br \/>If you still want to replace the certificates, use any other arguments such as &#8211;certType all<br \/>root@VMVC02 [ ~\/cert ]#<\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>\u6b21\u306e\u66f4\u65b0\u306f\u30022027\/4\/29\u9803\u306bSTS\u8a3c\u660e\u66f8\u306e\u66f4\u65b0\u304c\u5fc5\u8981\u305d\u3046\u3067\u3059\u3002<\/p>\n\n\n\n<p><\/p>\n<p>Views: 185<\/p>","protected":false},"excerpt":{"rendered":"<p>VMware vCenter\/vCSA\u306e\u8a3c\u660e\u66f8\u306b\u3064\u3044\u3066\u306e\u5099\u5fd8\u9332\u3067\u3059\u3002 vCenter\u304c\u5185\u90e8\u3067\u4f7f\u3063\u3066\u3044\u308b\u8a3c\u660e\u66f8\u306b\u306f\u671f\u9650\u304c\u3042\u308b\u306e\u3067\u6ce8\u610f\u3057\u307e\u3057\u3087\u3046 \uff08\u53c2\u8003\u30b5\u30a4\u30c8\uff09 Determining expired SSL certifi &hellip; <a href=\"https:\/\/nsb.homeip.net\/wp\/?p=2419\">\u7d9a\u304d\u3092\u8aad\u3080 <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[4],"tags":[],"class_list":["post-2419","post","type-post","status-publish","format-standard","hentry","category-esxi"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/nsb.homeip.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/2419","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsb.homeip.net\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsb.homeip.net\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsb.homeip.net\/wp\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nsb.homeip.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2419"}],"version-history":[{"count":5,"href":"https:\/\/nsb.homeip.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/2419\/revisions"}],"predecessor-version":[{"id":2636,"href":"https:\/\/nsb.homeip.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/2419\/revisions\/2636"}],"wp:attachment":[{"href":"https:\/\/nsb.homeip.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsb.homeip.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsb.homeip.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}