vcsa证书过期导致无法登录故障
1.ssh登录VCSA,查看证书状态
for store in $(/usr/lib/vmware-vmafd/bin/vecs-cli store list | grep -v TRUSTED_ROOT_CRLS); do echo "[*] Store :" $store; /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store $store --text | grep -ie "Alias" -ie "Not After";done;
2.使用VCSA自带的证书管理工具更新
/usr/lib/vmware-vmca/bin/certificate-manager root@vcsa02 [ /storage/archive/vpostgres ]# /usr/lib/vmware-vmca/bin/certificate-manager _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ | | | *** Welcome to the vSphere 6.7 Certificate Manager *** | | | | -- Select Operation -- | | | | 1. Replace Machine SSL certificate with Custom Certificate | | | | 2. Replace VMCA Root certificate with Custom Signing | | Certificate and replace all Certificates | | | | 3. Replace Machine SSL certificate with VMCA Certificate | | | | 4. Regenerate a new VMCA Root Certificate and | | replace all certificates | | | | 5. Replace Solution user certificates with | | Custom Certificate | | | | 6. Replace Solution user certificates with VMCA certificates | | | | 7. Revert last performed operation by re-publishing old | | certificates | | | | 8. Reset all Certificates | |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _| Note : Use Ctrl-D to exit. Option[1 to 8]: 8 Do you wish to generate all certificates using configuration file : Option[Y/N] ? : y Please provide valid SSO and VC privileged user credential to perform certificate operations. Enter username [Administrator@vsphere.local]: Enter password: Please configure certool.cfg with proper values before proceeding to next step. Press Enter key to skip optional parameters or use Default value. Enter proper value for 'Country' [Default value : US] : Enter proper value for 'Name' [Default value : CA] : Enter proper value for 'Organization' [Default value : VMware] : Enter proper value for 'OrgUnit' [Default value : VMware Engineering] : Enter proper value for 'State' [Default value : California] : Enter proper value for 'Locality' [Default value : Palo Alto] : Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] : 10.12.0.125 Enter proper value for 'Email' [Default value : email@acme.com] : Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] : vcsa02.idc.cqut.edu.cn Enter proper value for VMCA 'Name' :vcsa02.idc.cqut.edu.cn Continue operation : Option[Y/N] ? : y You are going to reset by regenerating Root Certificate and replace all certificates using VMCA Continue operation : Option[Y/N] ? : y Get site nameCompleted [Reset Machine SSL Cert...] default-site Lookup all services Get service default-site:e76540dd-1cdc-4912-bf78-ec258f919dc3 Update service default-site:e76540dd-1cdc-4912-bf78-ec258f919dc3; spec: /tmp/svcspec_9mt88_e7 Get service default-site:3baa7a85-f252-482d-89fe-7c2dbb67ed00 Update service default-site:3baa7a85-f252-482d-89fe-7c2dbb67ed00; spec: /tmp/svcspec_8hiw7lyr Get service default-site:038cef07-710b-4fa2-91c2-cdfc2fc00b2a Update service default-site:038cef07-710b-4fa2-91c2-cdfc2fc00b2a; spec: /tmp/svcspec_gzb5bvqn Get service 803aefa6-35fa-4b21-ba3f-408024f00afa Update service 803aefa6-35fa-4b21-ba3f-408024f00afa; spec: /tmp/svcspec_2o_n_6j0 Get service c4d43c0a-42b4-4103-82b8-4517ce9e4110 Update service c4d43c0a-42b4-4103-82b8-4517ce9e4110; spec: /tmp/svcspec_6rirdql7 Get service e4156f67-21ad-410f-a169-f74e05ad5880 Update service e4156f67-21ad-410f-a169-f74e05ad5880; spec: /tmp/svcspec_vlfg9l0f Get service 3419c12d-064e-4c33-99b0-d1bff1187bde Update service 3419c12d-064e-4c33-99b0-d1bff1187bde; spec: /tmp/svcspec_9aa9482c Get service 89aea723-859e-456b-baf4-6e611f6b2243 Update service 89aea723-859e-456b-baf4-6e611f6b2243; spec: /tmp/svcspec_wofq9hpc Get service 4824b57c-3659-4f88-ba38-f88fe92df825 Update service 4824b57c-3659-4f88-ba38-f88fe92df825; spec: /tmp/svcspec_lgz_jbpz Get service 5513c447-8a0c-4eb7-b790-4799fb1bfa29 Update service 5513c447-8a0c-4eb7-b790-4799fb1bfa29; spec: /tmp/svcspec_d02m306g Get service 8aea25bc-4248-46e4-9b94-dc8fed782599 Update service 8aea25bc-4248-46e4-9b94-dc8fed782599; spec: /tmp/svcspec_0ffv4nde Get service 820510fa-1fbe-451a-9510-b75e3eeaf642 Update service 820510fa-1fbe-451a-9510-b75e3eeaf642; spec: /tmp/svcspec_hupi47a2 Get service db67415f-2414-42b3-b2db-1049a38baf49_com.vmware.vsphere.client Don't update service db67415f-2414-42b3-b2db-1049a38baf49_com.vmware.vsphere.client Get service 21b3da4a-3801-483f-9496-00bfa0e56323 Update service 21b3da4a-3801-483f-9496-00bfa0e56323; spec: /tmp/svcspec_8z5x_f4v Get service 1903999d-f5e6-4015-8670-f48518065cda Update service 1903999d-f5e6-4015-8670-f48518065cda; spec: /tmp/svcspec_013uocf1 Get service db67415f-2414-42b3-b2db-1049a38baf49 Update service db67415f-2414-42b3-b2db-1049a38baf49; spec: /tmp/svcspec_slmwb8xv Get service 18b4bbad-da17-4e67-89c7-e698f8a65915 Update service 18b4bbad-da17-4e67-89c7-e698f8a65915; spec: /tmp/svcspec_vpqu97b2 Get service 80445137-a283-48ff-aeaf-99233840391f Update service 80445137-a283-48ff-aeaf-99233840391f; spec: /tmp/svcspec__vtzli3q Get service 68d50d9b-4c0c-450b-9330-1e78ce441b61 Update service 68d50d9b-4c0c-450b-9330-1e78ce441b61; spec: /tmp/svcspec_rksczx55 Get service 0ffca0be-9d2d-4172-a869-9f36d902ff18 Update service 0ffca0be-9d2d-4172-a869-9f36d902ff18; spec: /tmp/svcspec_7zsrtf5e Get service e3e1e0a3-5b6f-4cc1-ae74-a310225faed3 Update service e3e1e0a3-5b6f-4cc1-ae74-a310225faed3; spec: /tmp/svcspec_y3s82wuw Get service 946c52f0-5a93-4d2d-acb0-fb96ca581dbc Update service 946c52f0-5a93-4d2d-acb0-fb96ca581dbc; spec: /tmp/svcspec_tz70hfas Get service 4cd99b77-367d-4ccf-9094-5a187dfe57bc Update service 4cd99b77-367d-4ccf-9094-5a187dfe57bc; spec: /tmp/svcspec_r0w53gjf Get service 5513c447-8a0c-4eb7-b790-4799fb1bfa29_authz Update service 5513c447-8a0c-4eb7-b790-4799fb1bfa29_authz; spec: /tmp/svcspec_rbuvoyqn Get service fca85381-90d7-43d1-84c6-786476f6b87c Update service fca85381-90d7-43d1-84c6-786476f6b87c; spec: /tmp/svcspec_tbooyzy_ Get service 20f271cd-24a8-47da-8de3-0cdc9b62ddba Update service 20f271cd-24a8-47da-8de3-0cdc9b62ddba; spec: /tmp/svcspec_u1gsptgv Get service 42a36c3a-c943-4f67-9a2c-a54f058db360 Update service 42a36c3a-c943-4f67-9a2c-a54f058db360; spec: /tmp/svcspec_dlkk4bb0 Get service 598a9f1a-e54a-4fba-9a09-52b0cfa9e786 Update service 598a9f1a-e54a-4fba-9a09-52b0cfa9e786; spec: /tmp/svcspec_1a2uxq0m Get service 2968b170-74ab-4162-a920-bdcedbf83e8c Update service 2968b170-74ab-4162-a920-bdcedbf83e8c; spec: /tmp/svcspec_6b6zkz9e Get service 6466292c-f84f-4e13-b35d-bfc03ef7d836 Update service 6466292c-f84f-4e13-b35d-bfc03ef7d836; spec: /tmp/svcspec_k8fjrb7n Get service 5513c447-8a0c-4eb7-b790-4799fb1bfa29_kv Update service 5513c447-8a0c-4eb7-b790-4799fb1bfa29_kv; spec: /tmp/svcspec_gdz03nl7 Get service 550c554a-cc82-4884-afdd-d6bf5fba7920 Update service 550c554a-cc82-4884-afdd-d6bf5fba7920; spec: /tmp/svcspec_zl6o18u9 Get service c632f8f5-04ad-4213-a236-81e5f5d0e9b8 Update service c632f8f5-04ad-4213-a236-81e5f5d0e9b8; spec: /tmp/svcspec_m2an0qhi Get service eb7d099a-3f05-4f2a-94c5-06153958aea9 Update service eb7d099a-3f05-4f2a-94c5-06153958aea9; spec: /tmp/svcspec_v97zzdrp Get service eea9b7b5-0174-4541-bd13-871d57723e1e Update service eea9b7b5-0174-4541-bd13-871d57723e1e; spec: /tmp/svcspec_0td0sw9k Updated 34 service(s) Status : 60% Completed [Reset vpxd-extension Cert...] 2024-08-05T16:06:34.146Z Updating certificate for "com.vmware.vim.eam" extension 2024-08-05T16:06:34.735Z Updating certificate for "com.vmware.rbd" extension 2024-08-05T16:06:35.302Z Updating certificate for "com.vmware.imagebuilder" extension Reset status : 100% Completed [Reset completed successfully]
3.这时应该可以正常登录VCSA了
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· TypeScript + Deepseek 打造卜卦网站:技术与玄学的结合
· 阿里巴巴 QwQ-32B真的超越了 DeepSeek R-1吗?
· 【译】Visual Studio 中新的强大生产力特性
· 10年+ .NET Coder 心语 ── 封装的思维:从隐藏、稳定开始理解其本质意义
· 【设计模式】告别冗长if-else语句:使用策略模式优化代码结构