Unable to update the Aria Operations web certificate using Aria Suite Lifecycle
search cancel

Unable to update the Aria Operations web certificate using Aria Suite Lifecycle

book

Article ID: 325751

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

The purpose of this article is to explain how to renew the web certificate in Aria Operations and restore connectivity between Aria Operations and Aria Suite Lifecycle Manager.

Symptoms:
  • Unable to apply/update the Aria Operations web certificate using Aria Suite Lifecycle due to the certificate having already expired.
  • The Aria Operations cluster is unable to go ONLINE due to the expired certificate.


Environment

VMware Aria Operations 8.16.x and Later

Cause

  • The connectivity between Aria Suite Lifecycle and Aria Operations stops working due to the Aria Operations web certificate having expired.
  • This prevents the Aria Suite Lifecycle appliance from renewing the Aria Operations certificate via its certificate renewal workflow.

Resolution

  1. Take a snapshot of the Aria Operations nodes.
  2. SSH to ALL of the Aria Operations nodes and login as the root account.
  3. Reload the default web certificate as per the steps outlined in KB 326393.
    • unset -f pathprepend
    • unset -f pathremove
    • unset -f pathappend
    • $VMWARE_PYTHON_BIN /usr/lib/vmware-casa/bin/activate_web_certificate.py DEFAULT
    • $VMWARE_PYTHON_BIN /usr/lib/vmware-vcopssuite/utilities/bin/restartHttpd.py
    • Repeat the above steps on ALL nodes before continuing to step 4.
  4. Take the Aria Operations cluster offline via the Admin UI.
  5. Bring the Aria Operations cluster online via the Admin UI and wait for the cluster to come fully online.
  6. Trigger an inventory sync from Aria Suite Lifecycle against the Aria Operations environment and verify the inventory sync completes.
  7. Download the new certificate from the LCM certificate page by selecting 'Download' from the context menu.
  8. Take the Aria Operations cluster offline via the Admin UI.
  9. Upload the new custom web certificate via the Aria Operations Admin UI
    • This is done by logging in as the admin user and clicking the certificate icon in the top right hand corner and selecting 'INSTALL A NEW CERTIFICATE' then browsing to the certificate PEM file and uploading it.
  10. Bring the Aria Operations cluster back online and wait for the cluster to come fully online.
  11. Trigger an inventory sync from Aria Suite Lifecycle against the Aria Operations environment and verify the inventory sync completes.
  12. Verify the certificate is listed as in use under the Aria Suite Lifecycle certificate page and view the listed environment and confirm it lists the Aria Operations environment.



Additional Information

Reload the default certificate in Aria Operations
Configure a Certificate For Use With Aria Operations

Impact/Risks:
Take Snapshot of each of the Aria Operations nodes before performing any maintenance activity.
Refer How to take a Snapshot of VMware Aria Operations for more information.

Powered by Wolken Software