"Cloud zone insights not available yet, please check after some time."
2022-08-25T20:06:43.989Z ERROR hcmp-service [host='hcmp-service-app-xxxxxxx-xxxx' thread='Thread-56' user='' org='<org_id>' trace='<trace_id>' parent='<parent_id>' span='<span_id>'] c.v.a.h.a.common.AlertEnumerationHelper.lambda$synchronizeWithDatabase$12:128 - [<IntegrationName>]: [<UUID>]: Error during enumerating alerts
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:353) ~[na:na]
at java.base/java.lang.Thread.run(Thread.java:829) ~[na:na]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[na:na]
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
Note: The issue is not specific to Aria operations Integrations and can affect other integrations types added to Aria Automation. The same resolution steps can be applied to update the certificate stored.
VMware vRealize Automation 8.x
The issue is pending resolution.
Workaround:
Note: Prior to performing the workaround best practice dictates you first snapshot Aria Automation nodes.
The certificate stored for Aria operations Integration can be updated via a PATCH API call
1. Obtain the Integration ID and the Username from the UI by opening the respective Aria operations integration within the Aria Automation UI under Infrastructure -> Integrations
The Integration id portion of the url is everything after '%2F'
The integration id can also be validated in the web browsers developers tools:
2. Obtain a Bearer token following the article Generate Access_Token/Bearer_Token in VRA 8.x for API Authentication
3. Capture the new Aria operations certificate in PEM format by running the following command:
openssl s_client -connect <AriaoperationsFQDN>:443 2> /dev/null | openssl x509 | awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}'
replace <AriaoperationsFQDN>
with the actual fully qualified domain name of the Aria operations.
4. Submit a PATCH call to url:
https://<Aria automation FQDN>/iaas/api/integrations/<Aria operations integration ID>?apiVersion=2021-07-15
with body:
{ "privateKeyId": "username", "privateKey": "password", "certificateInfo": { "certificate": "certificate from step 3" } }
A 202 accepted status indicates a successful request: