...
The vCenter Cloud Gateway Appliance (VCGA) certificate has expired.
This script is the automated version of https://kb.vmware.com/s/article/70630. The script will:
- Replace the existing MACHINE_SSL certificate for the vCenter Cloud Gateway Appliance.
- Update the lookup service of the on-premises vCenter with the updated vCenter Cloud Gateway Appliance certificate.
- Provide a validation check to ensure that the lookup service (service registration endpoint) has been updated with the newly generated certificate.
The VCGA certificate has expired.
The script will replace the machine SSL certificate for the vCenter Cloud Gateway Appliance and update the service registration endpoint. Please make sure to power off and take a snapshot of the appliances before executing the script.
Perform the steps below on the vCenter Cloud Gateway Appliance to resolve this issue:
1) Download the attached script (cert.sh) and upload it to the affected vCenter Cloud Gateway Appliance, or copy it to an empty file called cert.sh using vi.
2) Run chmod +x cert.sh to enable execute permissions.
3) Take note of the administrator@your_domain password.
4) Run the script (./cert.sh). Please note that the script prints the new expiry date.

Example: Successful output of the script:

    Old machine_ssl thumbprint: 58:E3:20:70:FF:08:2B:D7:AD:35:9A:BE:D8:1C:78:09:3A:08:84:2E The expiry date is Aug 14 21:23:37 2023 GMT
    Status : Success
    Using config file : /storage/core/FQDN_cloudgateway-20230815095628/certool.cfg
    Status : Success
    New machine_ssl thumbprint: 50:C2:15:F5:4E:85:4E:8F:3A:79:76:D8:29:6A:70:D6:FB:88:A5:48 The expiry date is Aug 14 09:46:34 2025 GMT
    Deleted entry with alias [__MACHINE_CERT] in store [MACHINE_SSL_CERT] successfully
    Entry with alias [__MACHINE_CERT] in store [MACHINE_SSL_CERT] was created successfully
    Successfully restarted service rhttpproxy
    Get site name
    Lookup all services
    [..]
    Please note:
    For a successful replacement in the lookup service, the following thumbprints need to match .
    FQDN_cloudgateway:443
    Machine 50:C2:15:F5:4E:85:4E:8F:3A:79:76:D8:29:6A:70:D6:FB:88:A5:48
    Lotus 50:C2:15:F5:4E:85:4E:8F:3A:79:76:D8:29:6A:70:D6:FB:88:A5:48
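The thumbprint comparison that the script's closing note asks for can be automated against saved output. This is an added example, not part of cert.sh or the KB article; it assumes the output was saved to a file with one message per line, and the names check_cert_output and sample_output are hypothetical.

```shell
#!/bin/sh
# Added example, not part of cert.sh. Checks saved cert.sh output
# (for instance ./cert.sh | tee cert-run.log; that file name is an assumption).
# Assumed layout: one message per line, as in the example output in the article.

check_cert_output() {
    awk '
        # Return the first field that is a SHA-1 thumbprint (20 hex pairs).
        function fp(   i) {
            for (i = 1; i <= NF; i++)
                if (length($i) == 59 && $i ~ /^([0-9A-Fa-f][0-9A-Fa-f]:)+[0-9A-Fa-f][0-9A-Fa-f]$/)
                    return toupper($i)
            return ""
        }
        { sub(/\r$/, "") }                       # tolerate CRLF logs
        /^Old machine_ssl thumbprint:/ { old = fp(); next }
        /^New machine_ssl thumbprint:/ { new = fp(); next }
        /thumbprints need to match/    { listing = 1; next }
        listing && (t = fp()) != "" {            # registrations follow the note
            seen++
            if (t != new) { bad++; print "MISMATCH: " $0 }
        }
        END {
            if (new == "")  { print "FAIL: no new thumbprint found"; exit 2 }
            if (new == old) { print "FAIL: thumbprint unchanged"; exit 3 }
            if (seen == 0)  { print "FAIL: no registrations listed"; exit 4 }
            if (bad)        { exit 1 }
            print "OK: " seen " registration(s) match " new
        }
    ' "$1"
}

# Sample input: lines taken from the example output in the article.
sample_output() {
    cat <<'EOF'
Old machine_ssl thumbprint: 58:E3:20:70:FF:08:2B:D7:AD:35:9A:BE:D8:1C:78:09:3A:08:84:2E The expiry date is Aug 14 21:23:37 2023 GMT
Status : Success
New machine_ssl thumbprint: 50:C2:15:F5:4E:85:4E:8F:3A:79:76:D8:29:6A:70:D6:FB:88:A5:48 The expiry date is Aug 14 09:46:34 2025 GMT
Successfully restarted service rhttpproxy
For a successful replacement in the lookup service, the following thumbprints need to match .
FQDN_cloudgateway:443
Machine 50:C2:15:F5:4E:85:4E:8F:3A:79:76:D8:29:6A:70:D6:FB:88:A5:48
Lotus 50:C2:15:F5:4E:85:4E:8F:3A:79:76:D8:29:6A:70:D6:FB:88:A5:48
EOF
}

# Usage: sh check.sh cert-run.log   (exit status 0 means every registration matches)
if [ "$#" -gt 0 ]; then check_cert_output "$1"; fi
```

A non-zero exit status means the lookup service still lists a thumbprint other than the new machine_ssl one, or that the output did not contain the expected lines.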
For this script to function properly, it relies on functional system variables. If these variables are not operational, the script will not work and this will need to be investigated.

Each time the script is executed, it creates a new folder within /var/core; the folder name is based on the hostname and time. This folder will contain the outputs of the script, which include the old certificate and the new certificate.

Note: You may receive an error when you try to run the script:

    bash: ./cert.sh: /bin/bash^M: bad interpreter: No such file or directory

This error is caused by DOS carriage returns added to the script when copying from a Windows-based text editor. To resolve this problem, run the following command and rerun the script:

    sed -i -e 's/\r$//' cert.sh