How to Generate SSL Certificate in Aria Operations for Networks appliance once existing appliance Certificate shows expired
search cancel

How to Generate SSL Certificate in Aria Operations for Networks appliance once existing appliance Certificate shows expired

book

Article ID: 324447

calendar_today

Updated On:

Products

VCF Operations for Networks

Issue/Introduction

  1. Aria Operations for Networks Appliance default certificate shows expired.
  2. To Validate check on appliance via below command shows expired appliance certificate.

    sudo openssl x509 -noout -enddate -in /etc/nginx/ssl/vnera.com.crt
  3. Refer to the output of above command showing expired certificate.

    ubuntu@aria-networks-platform:~$ sudo openssl x509 -noout -enddate -in /etc/ngin                                                                                                                                                                                                                                                                                                                                                           x/ssl/vnera.com.crt
notAfter=Oct 28 06:39:43 2023 GMT

Environment

VMware vRealize Network Insight 6.x
VMware vRealize Network Insight 6.9
Aria Operations for Networks 6.10.0
Aria Operations for Networks 6.11.0
Aria Operations for Networks 6.12.0
Aria Operations for Networks 6.13.0
Aria Operations for Networks 6.14.0

Resolution

Follow the below instructions to use the vRNI appliance itself to generate an SSL cert and apply:

  1. Take Putty/SSH on Platform appliance using user name support.
  2. Type command ub to switch to ubuntu user.
  3. Create a directory using below command: 

    mkdir custom_certs
  4. Use below command to enter to the newly created directory in step 3.

    cd custom_certs
  5. Issue below 2 commands to generate SSL certs : 

    openssl genrsa -out vnera.com.key 2048
openssl req -new -key vnera.com.key -x509 -days 366 -sha256 -subj "/C=US/ST=CA/L=PA/O=VMware/OU=Arkin/CN=vrni-platform-release/[email protected]" -out vnera.com.crt
  6. Take Putty/SSH on Platform appliance using user name consoleuser

    To validate and list cert files execute the below command:

    custom-cert list
  7. To apply cert files execute the below command:

    custom-cert apply


    See Example below as below:

    support@vrni-platform-release:~$ ub
ubuntu@vrni-platform-release:~$ mkdir custom_cert
ubuntu@platform1:~$ cd custom_certs
ubuntu@platform1:~/custom_certs$ openssl genrsa -out vnera.com.key 2048
Generating RSA private key, 2048 bit long modulus
................................................................................ ..........................+++................................................................................                                                                                                                                                             ................................................................................                                                                                                                                                             .................+++
e is 65537 (0x10001)
ubuntu@platform1:~/custom_certs$ openssl req -new -key vnera.com.key -x509 -days 366 -sha256 -subj "/C=US/ST=CA/L=PA/O=VMware/OU=Arkin/CN=vrni-platform-release/[email protected]" -out vnera.com.crt
ubuntu@platform1:~/custom_certs$ ls
vnera.com.crt  vnera.com.key
ubuntu@platform1:~/custom_certs$
(cli) custom-cert list
vnera.com.crt
vnera.com.key
(cli) custom-cert apply
Successfully applied new certificate. All active UI sessions have to be restarted.
(cli)

Additional Information

Impacts/Risks: No functional impact.

Powered by Wolken Software