Certificados do vCenter 6.5 expirados

Download Vcert  

vCert

July 25, 2022|vCenter, vSphere

*** UPDATED 28APR2025 ***

Broadcom made a public KB for vCert! This is outstanding! Be sure to pull the latest version from the Broadcom site.

 https://knowledge.broadcom.com/external/article/385107/vcert-scripted-vcenter-expired-certific.html 

***Updated Version 23NOV2024***

I got a copy of this program from VMware through an SR when they helped a customer of mine. It is called vCert. This little program is super simple to use and works pretty great. It does everything and anything to do with Certificates on your vCenters. Unfortunately, VMware has not made this public yet. I wish they would.

Works on 6.x, 7.x and 8.x vCenter.

***With that said, use at your own risk. This is not supported by VMware Engineering. I recommend cold snaps on everything in your SSO Domain before you change anything.***

How to set up vCert!

1. Grab a copy of the vCert from here: https://tinyurl.com/yc3w8nd9

2. SSH to your vCenter.

3. cd /home/root

4. vi vCert

5. Copy the text from the file you downloaded to the vCert file you just created. Your line count should be 9320.

6. Save the file  :wq

7. Make the file executable: chmod +x vCert

8. Run the program: ./vCert

Menu options:  

1. Check current certificates status

2. Check CA certificates in VMDir and VECS

3. View Certificate Info

4. Generate certificate report

5. Check SSL Trust Anchors

6. Update SSL Trust Anchors

7. Replace the Machine SSL certificate

8. Replace the Solution User certificates

9. Replace the VMCA certificate and re-issue Machine SSL

   and Solution User certificates

10. Replace the Authentication Proxy certificate

11. Replace the Auto Deploy CA certificate

12. Replace the VMware Directory Service certificate

13. Replace the SSO STS Signing certificate(s)

14. Replace all certificates with VMCA-signed

   certificates

15. Clear all certificates in the BACKUP_STORE

   in VECS

16. Check vCenter Extension thumbprints

17. Check for SSL Interception

18. Check STS server certificate configuration

19. Check Smart Card authentication configuration

20. Restart reverse proxy service

21. Restart all VMware services

E. Exit

I find I mostly use options 1, 6, and 14.

ERRO NA HORA DE MUDAR WIN 1O HOME PARA PRO

Quando é feito uma instalação do Windows 10 e ela ativa automaticamente com Windows 10 home e quando tentamos mudar para o Windows 10 PRO ele apresenta erro e não aceita a sua chave mesmo sendo válida.

USAR: VK7JG-NPHTM-C97JM-9MPGT-3V66T    obs. sem estar conectado na internet.

Após ele atualizar para o Windows 10 Pro, trocar a chave do Windows colocando a chave válida.

ZCS OSE cannot start after upgrade to 8.8.15

       

        amavis                  Running
        dnscache                Running
        ldap                    Running
        logger                  Running
        mailbox                 Stopped
                zmmailboxdctl is not running.
        memcached               Running
        mta                     Running
        opendkim                Running
        proxy                   Running
        service webapp          Stopped
                zmmailboxdctl is not running.
        snmp                    Running
        spell                   Running
        stats                   Running
        zimbra webapp           Stopped
                zmmailboxdctl is not running.
        zimbraAdmin webapp      Stopped
                zmmailboxdctl is not running.
        zimlet webapp           Stopped
                zmmailboxdctl is not running.

        zmconfigd               Running


1. error in /opt/zimbra/log/mailbox.log

ERROR [main] [] Versions - DB Version Mismatch: ours=111 from DB=109
FATAL [main] [] system - Data version mismatch. Reinitialize or upgrade the backend data store



zimbra@zimbra:cd /opt/zimbra/libexec/scripts/
zimbra@zimbra:~/libexec/scripts$ ./migrate20190401-ZimbraChat.pl
Wed Jul 31 10:56:53 2019: Verified schema version 109.
Wed Jul 31 10:56:55 2019: Verified schema version 109.
Wed Jul 31 10:56:55 2019: Updating DB schema version from 109 to 110.
zimbra@zimbra:~/libexec/scripts$ ./migrate20190611-ZimbraChat.pl
Wed Jul 31 10:57:04 2019: Verified schema version 110.
Wed Jul 31 10:57:06 2019: Verified schema version 110.
Wed Jul 31 10:57:06 2019: Updating DB schema version from 110 to 111

2. update zmlocalconfig 

zimbra@zimbra:zmlocalconfig -e mailboxd_java_options="-server -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2 -Djava.awt.headless=true -XX:+UseG1GC -Dsun.net.inetaddr.ttl=${networkaddress_cache_ttl} -Dorg.apache.jasper.compiler.disablejsr199=true -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=15 -XX:G1MaxNewSizePercent=45 -XX:SoftRefLRUPolicyMSPerMB=1 -XX:-OmitStackTraceInFastThrow -verbose:gc -Xlog:gc*=info,safepoint=info:file=/opt/zimbra/log/gc.log:time:filecount=20,filesize=10m -Djava.net.preferIPv4Stack=true -XX:+HeapDumpOnOutOfMemoryError -XX:CompileCommandFile=.hotspot_compiler -XX:HeapDumpPath=/opt/zimbra/log -XX:ErrorFile=/opt/zimbra/log/hs_err_pid%p.log"


 zmcontrol stop
 zmcontrol start

CentOS Linux release 7.7.1908 (Core)

fonte: https://forums.zimbra.org

Como melhorar a performace do FireBird

Como melhorar a performace do FireBird

                 Para melhorar o desempenho do FireBird é preciso ajusta algumas configurações.

                 No servidor, localize o arquivo firebird.conf, ele fica na pasta onde foi instalado o FireBird (Ex.: C:\Program Files\Firebird\2.5\). Dependendo da configuração do servidor a configuração do FireBird pode mudar.

                 A baixo seguem alguma configurações que podem ser usadas para melhorar o desempenho.

 

 

• Configuração para servidor com processador dual-core, e pelo menos 4GB memória:

  DefaultDbCachePages = 4096
  FileSystemCacheThreshold = 67108864
  FileSystemCacheSize = 70
  CpuAffinityMask = 3

• Configuração para servidor com processador dual-core, e pelo menos 8GB memória:

  DefaultDbCachePages = 8192
  FileSystemCacheThreshold = 134217728
  FileSystemCacheSize = 70
  CpuAffinityMask = 3

• Configuração para servidor com processador quad-core, e acima de 8GB memória:

  DefaultDbCachePages = 16384
  FileSystemCacheThreshold = 268435456
  FileSystemCacheSize = 80
  CpuAffinityMask = 3

          Para complementar o ideal é fazer um Backup/Restore da base de dados com o parâmetro Page Size igual a configuração usada no parâmetro DefaultDbCachePages, definido no firebird.conf.

https://datalansistemas.blogspot.com.br

Download Windows 10

Pessoal segue o link para baixar o Windows 10 / atualizar, assim não precisa esperar o agendamento.

https://www.microsoft.com/pt-br/software-download/windows10

só escolher 32 ou 64.

Instalação e configuração de certificados SSL no seu servidor Zimbra

/opt/zimbra/bin/zmcertmgr createcsr comm -new -keysize 2048 -subject "/C=BR/ST=SIGLADOESTADO/L=NOME DA CIDADE/O=NOME DA EMPRESA/OU=TI/CN=seudominio.tld"

Uma vez recebido seu e-mail com os arquivos de certificado você receberá os seguintes arquivos:

1. AddTrustExternalCARoot.crt
2. SSLRSAAddTrustCA.crt
3. SSLSADomainValidationSecureServerCA.crt
4. seudominio_tld.crt

Efetuando a instalação do certificado

Crie o bundle dos certificados  CA da seguinte maneria, copie o conteúdo dos arquivos acima 1,2,3 para o arquivo

/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt

dentro do seu Zimbra.

Copie o arquivoseudominio.tld.crt

para este mesmo diretório ficando da seguinte maneira

/opt/zimbra/ssl/zimbra/commercial/seudominio.tld.crt

Execute como #ROOT o seguinte comando para validar o certificado a ser instalado, lembre-se de estar dentro do diretório/opt/zimbra/ssl/zimbra/commercial

/opt/zimbra/bin/zmcertmgr verifycrt comm ./commercial.key ./seudominio.tld.crt ./commercial_ca.crt

Você deverá receber isto como saída do comando:

** Verifying ./mail_frtec.com.br.crt against ./commercial.key
** Certificate (./mail_frtec.com.br.crt) and private key (./commercial.key) match.
** Valid Certificate: ./mail_frtec.com.br.crt: OK

Uma vez testado, efetue a instalação do certificado da seguinte maneira:

/opt/zimbra/bin/zmcertmgr deploycrt comm ./mail_frtec.com.br.crt ./commercial_ca.crt

A saída do comando deverá ser similar a abaixo:
** Verifying ./mail_frtec.com.br.crt against /opt/zimbra/ssl/zimbra/commercial/commercial.key Certificate (./mail_frtec.com.br.crt) and private key (/opt/zimbra/ssl/zimbra/commercial/commercial.key) match. Valid Certificate: ./mail_frtec.com.br.crt: OK **
Copying ./mail_frtec.com.br.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt **
Appending ca chain ./commercial_ca.crt to /opt/zimbra/ssl/zimbra/commercial/commercial.crt cp: `./commercial_ca.crt' and `/opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt' are the same file ** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt to CACERTS as zcs-user-commercial_ca...done. ** NOTE: mailboxd must be restarted in order to use the imported certificate. **
Saving server config key zimbraSSLCertificate...done. ** Saving server config key zimbraSSLPrivateKey...done. **
Installing mta certificate and key...done. **
Installing slapd certificate and key...done. **
Installing proxy certificate and key...done. **
Creating pkcs12 file /opt/zimbra/ssl/zimbra/jetty.pkcs12...done. **
Creating keystore file /opt/zimbra/mailboxd/etc/keystore...done. **
Installing CA to /opt/zimbra/conf/ca...done.

Para verificar o certificado instalado, utilize o comando:
/opt/zimbra/bin/zmcertmgr viewdeployedcrt

Endian Firewall Community 3.0.5-beta1 released

Endian Firewall Community 3.0.5-beta1 released Endian Firewall Community 3.0.5-beta1 has been released and is now available for download. This new minor release contains many improvements and closes more than 350 issues. The most prominent improvements in this new release are: "Network types" have been added to the network wizard and uplink editor to be able to distinguish between firewall setups in different network topologies. Support for transparent implementations through a new bridge mode has been added. With the new TPROXY support in the HTTP proxy it is now possible to create firewall rules, routing policies and other rules based on the source IP address even if the proxy is being used. The complete rewrite of the event management engine results in better performance when analyzing log files and sending notifications. The anti-virus engine has been updated. Many security vulnerabilities have been fixed. Hardware support has been improved.