VMware vCenter Server Appliance 6.x
VMware vCenter Server Appliance 7.x
VMware vCenter Server Appliance 8.x
This issue is resolved in vCenter Server 7.x and 8.x. The lighttpd service is restarted as part of applmgmt service restart during the certificate replacement process.
Incase, the certificate is not reflecting, you can manually restart the service by the below command depending on the vCenter Server version.
Login to vCenter via CLI and restart the service cap-lighttpd
systemctl restart cap-lighttpd.service
Login to vCenter via CLI and restart the service vami-lighttp
service vami-lighttp restart
/sbin/service vami-lighttp restart
ca.crt
. If Machine SSL is issued by Custom Certificate Authority, cachain.cer
should be a chain of all intermediate CA and Root CA certificates.# cp cachain.cer /etc/applmgmt/appliance/ca.crt
# cp /var/lib/vmware/vmca/root.cer /etc/applmgmt/appliance/ca.crt
/opt/vmware/etc/lighttpd/lighttpd.conf
file using a text editor and add the entry at the end of file or after line "ssl.engine= "enable""::
ssl.ca-file="/etc/applmgmt/appliance/ca.crt"
Note: If you are using VAMI Backup / Restore functionality, restore operation will fail due to the extra entry mentioned in above Step added in the configuration file. As by default VAMI backup will not take backup of file /etc/applmgmt/appliance/ca.crt
and due to that restore operation will fail when try to load the configuration parameter ssl.ca-file. To avoid this failure, follow below additional step:vi /etc/vmware/backup/manifests/applmgmt.json
Add the entry "/etc/applmgmt/appliance/ca.crt
" in locations list
Modifications are highlighted in bold, please ensure to include the comma delimiter at the end of line above the one added to ensure the file is in a valid json format
{
"component": "Appliance Management",
"parts": [
{
"locations": [
"/etc/applmgmt/appliance/appliance.conf",
"/etc/applmgmt/appliance/authorization.conf",
"/etc/applmgmt/firstboot/applmgmt.properties",
"/etc/vmware/appliance/dcui.cfg",
"/etc/applmgmt/appliance/update.conf",
"/etc/applmgmt/appliance/ca.crt"
]
}
],
"deploymentType": ["all"]
}
/sbin/service vami-lighttp restart