Replacing VCF Usage Meter 9.0.x VAMI certificates with a custom certificate
Article ID: 322762
Updated On:
Products
VMware Usage Meter
Issue/Introduction
This article provides the procedure to replace the default self-signed certificates for the Virtual Appliance Management Interface (VAMI) in VCF Usage Meter 9.0.x with a custom signed certificate. For instructions on how to create a custom certificate, please refer to the KB article: Replacing Usage Meter SSL certificate with a custom CA-signed certificate (321899).
Environment
VCF Usage Meter 9.0.x
Resolution
Procedure:
- Log in to VCF Usage Meter console as
root. - Assuming you are using the default location of the TLS certificate and private key for the nginx service, use the following command; otherwise, adjust the paths to the private key and certificate file.
cat /etc/ssl/private/nginx-selfsigned.key /etc/ssl/certs/nginx-selfsigned.crt > /opt/vmware/etc/lighttpd/server.pem
- Restart the Usage Meter appliance.
- Verify if the certificates are replaced. Assuming you are logged in to the Usage Meter appliance, compare the fingerprints returned by executing the following commands. The output should be the same.
Note: Replace the localhost with the Usage Meter IP address if you run those commands from a different computer.
openssl s_client -connect localhost:8443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdinopenssl s_client -connect localhost:5480 < /dev/null 2>/dev/null | openssl x509 -fingerprint -noout -in /dev/stdinFeedback
Yes
No
Powered by
