[Feature Request] vCenter Certificate expiring alert

[vlarocca]

Hi Folks,

As many of you discovered this year, especially reading this VmWare KB https://kb.vmware.com/s/article/66983 :

The validity period of all certificates issued by the VMware Certificate Authority (VMCA) is reduced to 2 years

During my latest maintenance intervention for a customer, IT guys said me: "This reducing of vCenter certificate expiration period is very annoying. I need to enable vCenter alerts especially for this reason...hey! Veeam One could maybe have an alert for certificate expiration."

It could be a good idea...unfortunately I wasn't able to found something like that. Was my research bad?

In the case where it really doesn't exist an alarm like that, I think it could be a good feature request, don't you think?

Let me know

Thanks guys
Vittorio

[Vitaliy S.]

Hi Vittorio,

Yes, that's a good FR for the alarm. Additionally, judging by this KB from VMware, there should be an internal event on the vCenter Server flagging this situation. If that's correct, then you can already create a custom alarm (event-based) in Veeam ONE to address this scenario.

Thanks!

[vlarocca]

Hi Vitaly!

Thanks for your reply and thanks for information, I will try shortly to create a custom one.

Can I considera as managed my FR? Do you need my action for ho ahead whit?

Thanks again

[Vitaliy S.]

Yes, your post is a FR for our next updates. No other actions needed.

[vlarocca]

Thank you Vitaly!

[claysoe]

This still has not been implemented, after all these years.

Could you please add this functionality to Veeam One.

Veeam Support - Case # 07619866

[jorgedlcruz]

Hi Jim,
Thanks for the Case and FR, it is still the backlog but will try to expedite it for post v13.

Remember that as Vitaliy mentioned, as an event is created when it happens. You can create the alarm today. Let me adjust the parameters on my lab so the alarm triggers and I paste an image. But, yes as a FR so you and other customers do not need to do this manually is on the way.

Thank you!

[djoye]

It would be nice to have a predefined alarm for this, in the meantime, try creating a custom alarm for event name com.vmware.vc.vecs.CertExpirationEvent.

Under VMware vSphere -> vCenter Server, create an alarm with an event-based rule with event name com.vmware.vc.vecs.CertExpirationEvent. I'm not sure if the Severity option matters, but I used "Error". I wasn't able to fully test this (see the alarm get triggered/resolved in Veeam One), but I did get a hit on this event using Veeam One's modeling tool. My next vCenter cert expires in late June and I think the alarm in vCenter is triggered 30 days prior to expiration, so I won't know how viable this is until late May.

I found the event name here: https://helpcenter.veeam.com/docs/mp/kb ... tml?ver=9a

[djoye]

Following up to confirm that we did indeed receive a Veeam ONE alert based on the custom alert I referenced in my last post.

Code: Select all

Veeam ONE 

Alarm Triggered
Object:vcsa
Object type:vCenter Server
Location:vcsa
Host:vcsa
Source:
IP:
Guest OS:
Guest host name:
Description:
Business View group:
  
Alarm:vCenter Certificate Status
Status:Error 


Previous status:Reset/resolved
Time:
Details:Fired by event: com.vmware.vc.vecs.CertExpirationEvent
Event description: Certificate 'C=US,CN=vcsa.domain.com' from 'MACHINE_SSL_CERT' expires on 2025-06-21 05:41:44.000
Initiated by: Not Set

[jorgedlcruz]

That is fantastic to hear djoye! Thank you so much for waiting all this time and come back with the answer.

Veeam ONE does indeed a great job at ingesting VMware vSphere events, if not all of them, almost. So your idea with the event com.vmware.vc.vecs.CertExpirationEvent was very nice!

We can look into adding a native alarm for this for future releases.

Thanks a lot!