vcsa6.7更换证书

今天一早，有现场反馈，vcenter无法登录，估计到可能是证书到期了

在浏览器中确认下，确实是证书到期的问题

通过查看你sts不过期，直接更新全部证书

To escape to local shell, press 'Ctrl+Alt+]'.
VMware vCenter Server Appliance 6.7.0.48000
WARNING! The remote SSH server rejected X11 forwarding request.
Connected to service
    * List APIs: "help api list"
    * List Plugins: "help pi list"
    * Launch BASH: "shell"
Command> shell
Shell access is granted to root
root@vcsa70 [ ~ ]# cd /opt/
root@vcsa70 [ /opt ]# python checksts.py
2 VALID CERTS
================
   LEAF CERTS:
   [] Certificate BF:13:8A:E6:68:3A:09:3E:C1:0C:1F:A5:36:70:45:96:83:90:86:3B will expire in 2916 days (8 years).
   ROOT CERTS:
   [] Certificate 64:D1:EB:6D:BB:3B:12:89:14:FD:34:C6:13:6C:38:7B:95:41:53:C8 will expire in 2916 days (8 years).
0 EXPIRED CERTS
================
   LEAF CERTS:
   None
   ROOT CERTS:
   None
root@vcsa70 [ /opt ]# /usr/lib/vmware-vmca/bin/certificate-manager
       _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
       |                                                                     |
       |      *** Welcome to the vSphere 6.7 Certificate Manager ***        |
       |                                                                     |
       |                   -- Select Operation --                            |
       |                                                                     |
       |      1. Replace Machine SSL certificate with Custom Certificate     |
       |                                                                     |
       |      2. Replace VMCA Root certificate with Custom Signing           |
       |         Certificate and replace all Certificates                    |
       |                                                                     |
       |      3. Replace Machine SSL certificate with VMCA Certificate       |
       |                                                                     |
       |      4. Regenerate a new VMCA Root Certificate and                  |
       |         replace all certificates                                    |
       |                                                                     |
       |      5. Replace Solution user certificates with                     |
       |         Custom Certificate                                          |
       |                                                                     |
       |      6. Replace Solution user certificates with VMCA certificates   |
       |                                                                     |
       |      7. Revert last performed operation by re-publishing old        |
       |         certificates                                                |
       |                                                                     |
       |      8. Reset all Certificates                                      |
       |_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.
Option[1 to 8]: 8
Do you wish to generate all certificates using configuration file : Option[Y/N] ? : y

Please provide valid SSO and VC privileged user credential to perform certificate operations.
Enter username [Administrator@vsphere.local]:
Enter password:

Please configure certool.cfg with proper values before proceeding to next step.

Press Enter key to skip optional parameters or use Default value.

Enter proper value for 'Country' [Default value : US] :

Enter proper value for 'Name' [Default value : CA] :

Enter proper value for 'Organization' [Default value : VMware] :

Enter proper value for 'OrgUnit' [Default value : VMware Engineering] :

Enter proper value for 'State' [Default value : California] :

Enter proper value for 'Locality' [Default value : Palo Alto] :

Enter proper value for 'IPAddress' (Provide comma separated values for multiple IP addresses) [optional] : 172.16.55.150

Enter proper value for 'Email' [Default value : email@acme.com] :

Enter proper value for 'Hostname' (Provide comma separated values for multiple Hostname entries) [Enter valid Fully Qualified Domain Name(FQDN), For Example : example.domain.com] : vcsa70.vsphere.local

Enter proper value for VMCA 'Name' :vcsa70.vsphere.local
Continue operation : Option[Y/N] ? : y

You are going to reset by regenerating Root Certificate and replace all certificates using VMCA
Continue operation : Option[Y/N] ? : y
Get site nameCompleted [Reset Machine SSL Cert...]
default-site
Lookup all services
Get service default-site:3b7181fa-70c4-4118-89e0-3d99dc164964
Update service default-site:3b7181fa-70c4-4118-89e0-3d99dc164964; spec: /tmp/svcspec__46t7jh3
Get service default-site:08c253b1-fc95-4f6a-a9a1-b47faa948b31
Update service default-site:08c253b1-fc95-4f6a-a9a1-b47faa948b31; spec: /tmp/svcspec_les95vkq
Get service default-site:8c924001-2087-49e7-ac3c-d4961109341e
Update service default-site:8c924001-2087-49e7-ac3c-d4961109341e; spec: /tmp/svcspec_tdg0c8xq
Get service 97f94ee9-c8ef-4188-a81d-9bc58966c2d1
Update service 97f94ee9-c8ef-4188-a81d-9bc58966c2d1; spec: /tmp/svcspec_4t9ta9ig
Get service 4e0a5285-ac11-4390-8334-12b2c20e7a08
Update service 4e0a5285-ac11-4390-8334-12b2c20e7a08; spec: /tmp/svcspec_cehncbzm
Get service 46bbb5ed-ac1b-46dc-90b5-4110e5dce6fd
Update service 46bbb5ed-ac1b-46dc-90b5-4110e5dce6fd; spec: /tmp/svcspec_qx4aonx3
Get service edfc9b83-4e5c-42c8-8327-ae192f2cb35c
Update service edfc9b83-4e5c-42c8-8327-ae192f2cb35c; spec: /tmp/svcspec_y_soga0l
Get service c1162bf6-a305-4ffa-8c0c-59393882e1d9
Update service c1162bf6-a305-4ffa-8c0c-59393882e1d9; spec: /tmp/svcspec_9759e4c5
Get service 661903da-f96a-4d3a-8f06-f2215dc6c87a
Update service 661903da-f96a-4d3a-8f06-f2215dc6c87a; spec: /tmp/svcspec_y13u7nlu
Get service 520fecd6-c012-49c5-b89d-00d139f7aed3
Update service 520fecd6-c012-49c5-b89d-00d139f7aed3; spec: /tmp/svcspec_wa9n9nzs
Get service 05a1d488-b400-449b-af28-7f2c0f9f6ccd
Update service 05a1d488-b400-449b-af28-7f2c0f9f6ccd; spec: /tmp/svcspec_fb6kllam
Get service 6bfd3389-28a8-424c-8202-26c9615f7ab5_com.vmware.vsphere.client
Don't update service 6bfd3389-28a8-424c-8202-26c9615f7ab5_com.vmware.vsphere.client
Get service 560fdcaa-a894-42e6-8c80-b0b970df8967
Update service 560fdcaa-a894-42e6-8c80-b0b970df8967; spec: /tmp/svcspec_q406muin
Get service e58fcbfa-72aa-4320-9e30-f1c9b60d17b5
Update service e58fcbfa-72aa-4320-9e30-f1c9b60d17b5; spec: /tmp/svcspec_sfmiv4y_
Get service 1a1400dd-b989-4ca6-a4a1-43e1cddcbe3e
Update service 1a1400dd-b989-4ca6-a4a1-43e1cddcbe3e; spec: /tmp/svcspec_eeulrhjh
Get service 7e6484fd-c567-408c-a606-1e5b0c13cfe1
Update service 7e6484fd-c567-408c-a606-1e5b0c13cfe1; spec: /tmp/svcspec_eso7rlxq
Get service 48366f65-140a-4aac-8dc2-847aaca2a3c1
Update service 48366f65-140a-4aac-8dc2-847aaca2a3c1; spec: /tmp/svcspec_l747e9cv
Get service 44e0d326-a382-4cb5-98f9-b2253cc8d484
Update service 44e0d326-a382-4cb5-98f9-b2253cc8d484; spec: /tmp/svcspec_mgynon8l
Get service cd66a42b-c604-4124-914a-aeef391abab4
Update service cd66a42b-c604-4124-914a-aeef391abab4; spec: /tmp/svcspec_hytjxkcn
Get service d4b09554-1429-4879-adde-496ed3df6206
Update service d4b09554-1429-4879-adde-496ed3df6206; spec: /tmp/svcspec__2ahg8l6
Get service 65987a91-c7d3-4cc5-84b6-3481045788ef
Update service 65987a91-c7d3-4cc5-84b6-3481045788ef; spec: /tmp/svcspec_ijm0zbsl
Get service 6bfd3389-28a8-424c-8202-26c9615f7ab5_com.emc.avamar.vmware.vcs.SnapshotManagerDelete
Don't update service 6bfd3389-28a8-424c-8202-26c9615f7ab5_com.emc.avamar.vmware.vcs.SnapshotManagerDelete
Get service 6bfd3389-28a8-424c-8202-26c9615f7ab5
Update service 6bfd3389-28a8-424c-8202-26c9615f7ab5; spec: /tmp/svcspec_t4p6faio
Get service 98150872-4642-4c2b-bb82-7ed5df33868e
Update service 98150872-4642-4c2b-bb82-7ed5df33868e; spec: /tmp/svcspec_1w_3n5az
Get service 8efaf1fc-6d69-4d53-80fb-6af0e5b85773
Update service 8efaf1fc-6d69-4d53-80fb-6af0e5b85773; spec: /tmp/svcspec_8v3l46d6
Get service 81ed30c6-225a-4f1d-af1e-05e48b85063c
Update service 81ed30c6-225a-4f1d-af1e-05e48b85063c; spec: /tmp/svcspec_p1dhe0by
Get service ac2864d1-d7de-4c0c-a422-83196893b816
Update service ac2864d1-d7de-4c0c-a422-83196893b816; spec: /tmp/svcspec_awqmtwct
Get service 23d36c57-8756-4425-b8cd-b0c8293229fb
Update service 23d36c57-8756-4425-b8cd-b0c8293229fb; spec: /tmp/svcspec_nnmqzg8l
Get service 1ec29598-0444-4703-ae87-be71d2067cc1
Update service 1ec29598-0444-4703-ae87-be71d2067cc1; spec: /tmp/svcspec_vdda4y_t
Get service 50a871dc-5505-4e8b-9a77-dbbefc51523f
Update service 50a871dc-5505-4e8b-9a77-dbbefc51523f; spec: /tmp/svcspec_4967le27
Get service d4b09554-1429-4879-adde-496ed3df6206_authz
Update service d4b09554-1429-4879-adde-496ed3df6206_authz; spec: /tmp/svcspec_pd07id8q
Get service 95d8bb3b-cc7e-4f25-bbb2-f218d23ca1c9
Update service 95d8bb3b-cc7e-4f25-bbb2-f218d23ca1c9; spec: /tmp/svcspec_kbp4dq_n
Get service d5541d82-dad1-44e5-b8ea-bd9f04ee48d7
Update service d5541d82-dad1-44e5-b8ea-bd9f04ee48d7; spec: /tmp/svcspec_dm1_y77p
Get service 20fcaa73-0c79-469f-a042-0c3abc11f960
Update service 20fcaa73-0c79-469f-a042-0c3abc11f960; spec: /tmp/svcspec_4wr048yb
Get service 6bfd3389-28a8-424c-8202-26c9615f7ab5_com.emc.avamar.vmware.vcs.deploymanager
Don't update service 6bfd3389-28a8-424c-8202-26c9615f7ab5_com.emc.avamar.vmware.vcs.deploymanager
Get service c2a3cded-c2c1-494f-a920-b9c9a7bbb6ab
Update service c2a3cded-c2c1-494f-a920-b9c9a7bbb6ab; spec: /tmp/svcspec_3rf3cphw
Get service d4b09554-1429-4879-adde-496ed3df6206_kv
Update service d4b09554-1429-4879-adde-496ed3df6206_kv; spec: /tmp/svcspec_9479ipym
Get service 6bfd3389-28a8-424c-8202-26c9615f7ab5_vcbimage
Don't update service 6bfd3389-28a8-424c-8202-26c9615f7ab5_vcbimage
Updated 34 service(s)
Status : 60% Completed [Reset vpxd-extension Cert...]
2023-06-06T03:10:11.257Z Updating certificate for "com.vmware.vim.eam" extension