How to fix pre-chek SSL certificate issue during vCenter upgrade from 6.7 to 7.0

I just ran an upgrade and stage 1 went perfectly fine. However, during pre-check on stage 2, I received this error message:

The machine SSL certificate in the VMware Endpoint Certificate Store (VECS) does not correspond with the service registration in the VMware Directory Service (vmdir).

To fix this error please follow this steps:

  1. Download the script from the VMware community website.
  2. Take a snapshot before proceeding!
  3. Copy the file to # /usr/lib/vmidentity/tools/scripts
  4. Run the below commands:
# python ls_ssltrust_fixer.py -f scan
#python ls_ssltrust_fixer.py -f fix

NOTE: The script requires an admin account and password for vCenter

As you can see 25 endpoints for 9 services have been fixed. Now we can rerun the update.

NOTE: Make sure you take the necessary backup/snapshot. Please try this ls_ssltrust_fixer.py in a test environment, do not try this in the production environment. Please raise a support request to validate before executing this script in the production environment

Introduction to vSphere 8 :

Please like and share to spread the knowledge in the community.

If you want to chat with me please use Twitter: @AngrySysOps

Join my  VMware Knowledge Base Group: https://bit.ly/3w54tbc

Visit my FB page: https://www.facebook.com/AngrySysOps

Subscribe to my channel : https://bit.ly/3vY16CT


Please leave the comment