The purpose of this article is to rotate the certificate authority so that the certificates generated are valid.
Symptoms:
The Certificate Authority used for signing certificates in LCM is expired after two years of installation.
VMware vRealize Suite Lifecycle Manager 8.x
Recommend to implement the workaround for now.
Workaround:
curl --insecure -X PATCH https://vRSLCMFQDN/lcm/locker/api/certificates/ca -H "Authorization: Basic Base64 encoded username:password"
Note: The authorization header should have the base64 encoded value of username and password in the format, username:password. For example, if the username is admin@local and password is vmware then the value should be base64 encoded of admin@local:vmware.
Note: When using base64 on the vRSLCM appliance, run the following command to ensure the echo \n is not processed in the encoding by base64 by running the following command
echo -n 'admin@local:vmware' | base64
Full example of command using sample credentials above would be:
curl --insecure -X PATCH https://vRSLCMFQDN/lcm/locker/api/certificates/ca -H "Authorization: Basic YWRtaW5AbG9jYWw6dm13YXJl"