Log Insight SSL Certificate will expire in -x days
2022-10-17 07:11:17.989 INFO [http-nio-8080-exec-7] c.v.v.l.l.c.CertificateStoreController - - - Starting certificate generation
2022-10-17 07:11:17.990 INFO [http-nio-8080-exec-7] c.v.v.l.l.s.p.CertificateStoreService - --
Inside certificate store service
2022-10-17 07:11:18.422 ERROR [http-nio-8080-exec-7] c.v.v.l.l.c.CertificateStoreController - -- Failed to generate certificate.
com.vmware.vrealize.lcm.common.exceptions.InvalidCertificateException: Validations failed for certificate.
Open an SSH session to the vRSLCM appliance as root and check the certificate by running the below commands
/opt/vmware/vpostgres/11/bin/psql -U postgres -d vrlcm
\x
select * from vm_locker_certificate where alias = 'DEFAULT_LOCKER_CA';
Using a utility such as WinSCP or FileZilla, copy the certificate you get from step1 and save it to your local desktop as .crt file.
Check the certificate's expiration
If the certificate is expired or about to expire within 30 days, replace the root certificate of vRSLCM before issuing a certificate to vRLI.
To reload/replace the root CA certificate of vRSLCM, follow Rotate expired Locker certificate authority in vRealize Suite Lifecycle Manager