How to Resolve vCenter Server appliance 7.x- Expired Machine SSL Certificate?

By Lerpong Intaraworrapath | 15th September 2022

When we use the vSphere Web Client to connect to vCenter Server appliance 7.x. We are unable to access with the message “HTTP Status 500 – Internal Server Error.

Steps to resolving these issues.

1.SSH into the vCenter Server appliance.

2.To see the status certificate expiration date, use the command below.
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done

3.You will see an output similar to:

4.As you can see, the Machine SSL certificate expires on September 1 06:40:37 2022 GMT.

5.The Name, Hostname and VMCA values should match the PNID of the Node where you are replacing the Certificates. PNID should always match the Hostname. In order to obtain the PNID please run these commands:
/usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost

6.Run command below to replace “Machine SSL certificate”.

7.You will have the option to replace or reset the certificate with in output.

Please keep in mind that this command may be used with both vCenter Server appliances 6.x and 7.x.

8.To replace Machine SSL certificate with VMCA Certificate, we choose option 3.

9.Provide credential

10.Enter these values as prompted by the VMCA (See Step 5 to confirm the Name/Hostname/VMCA):

11.To proceed, answer Yes (Y) to the confirmation request.

12.Wait till the status is 100% completed.

13.Re-run command to check Machine SSL certificate
for i in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list); do echo STORE $i; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $i --text | egrep "Alias|Not After"; done

14.Machine SSL certificate has been updated to August 31 12:14:11 2024 GMT.