This article provides a workaround to import the private key.
Symptoms:
When one of the following commands is used to import a certificate with an encrypted private key, /opt/scripts/deploy.sh fails to re-deploy the services:
/opt/scripts/deploy.sh shows output similar to:
-----BEGIN CERTIFICATE-----
(server cert data...)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(intermediate CA cert data...)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(root CA cert data...)
-----END CERTIFICATE-----
error: failed to load key pair tls: failed to parse private key
VMware vRealize Automation 8.x
VMware vRealize Orchestrator 8.x
VMware Aria Automation 8.x
VMware Aria Orchestrator 8.x
This is a known issue with the vracli command when using encrypted private keys.
1. Download the script attached to this article.
2. Upload the script on one vRA node.
3. Make the script executable using the following command: chmod +x decrypt_key.sh
4. Use the following command to decrypt the key: decrypt_key.sh certificate_chain.pem
Where 'certificate_chain.pem' is the file containing the entire certificate chain.
5. When asked for the password the first time, enter the password to decrypt the private key.
6. When asked for the password the second time, press the Enter key.
7. Redeploy the environment with the following command:
/opt/scripts/deploy.sh
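
A pre-check that can be run before the import, as an added example that is not part of the original article or the attached decrypt_key.sh: it reports whether the private key in a PEM bundle is encrypted, the condition this article ties to the "failed to parse private key" error. The helper names pem_key_state and make_samples and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. pem_key_state and make_samples are hypothetical helper names;
# they are not part of vracli, deploy.sh or the attached decrypt_key.sh.

# Print "encrypted", "plaintext" or "none" for the private key in PEM file $1.
pem_key_state() {
    awk '
        # PKCS#8 encrypted key: the label itself says so.
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { found = 1; enc = 1 }
        # Unencrypted PKCS#8 or traditional RSA/EC/DSA key block.
        /^-----BEGIN (RSA |EC |DSA )?PRIVATE KEY-----/ { found = 1; inkey = 1; next }
        # Traditional format marks encryption with an RFC 1421 header line.
        inkey && /^Proc-Type: 4,ENCRYPTED/ { enc = 1 }
        /^-----END / { inkey = 0 }
        END { print (!found ? "none" : (enc ? "encrypted" : "plaintext")) }
    ' "$1"
}

# Write constructed sample bundles (placeholder bodies, no real key material).
make_samples() {
    cert='-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----'
    printf '%s\n-----BEGIN ENCRYPTED PRIVATE KEY-----\n(placeholder)\n-----END ENCRYPTED PRIVATE KEY-----\n' "$cert" > "$1/pkcs8_enc.pem"
    printf '%s\n-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,(placeholder)\n\n(placeholder)\n-----END RSA PRIVATE KEY-----\n' "$cert" > "$1/trad_enc.pem"
    printf '%s\n-----BEGIN PRIVATE KEY-----\n(placeholder)\n-----END PRIVATE KEY-----\n' "$cert" > "$1/plain.pem"
    printf '%s\n' "$cert" > "$1/certs_only.pem"
}

# Demo: classify each constructed bundle.
tmp=$(mktemp -d)
make_samples "$tmp"
for f in pkcs8_enc trad_enc plain certs_only; do
    printf '%-12s %s\n' "$f" "$(pem_key_state "$tmp/$f.pem")"
done
rm -rf "$tmp"
```

A bundle reported as "encrypted" is the case that needs the decryption steps above before the import.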