How to update the SSL certificate for Aria Automation Config (SaltStack Enterprise) RaaS server
search cancel

How to update the SSL certificate for Aria Automation Config (SaltStack Enterprise) RaaS server

book

Article ID: 325825

calendar_today

Updated On: 01-27-2025

Products

VMware Aria Suite

Issue/Introduction

The certificate configured for Aria Automation Config service/web portal needs to be replaced.

Environment

VMware Aria Automation Config 8.12.x and above

SaltStack Enterprise 6.0 and higher

Resolution

  1. Identify the location of the current used certificates in the RaaS configuration file /etc/raas/raas in following entries:
      tls_crt: /etc/pki/raas/certs/localhost.crt
      tls_key: /etc/pki/raas/certs/localhost.key

    Note: The above is an example, your certificates might be in a different location.

  2. Backup the certificate and key file as found in the above configuration file
  3. Obtain a renewed certificate and associated key and copy the files into the same location, giving them the same names.
    Note: Alternatively you may relocate the files elsewhere as long as the entries above point to the correct place.

  4. Verify that the raas user owns these files and they have permissions 600 (or -rw------- ).
  5. Verify that the raas user can access the files if parent directories have differing permissions.
  6. Restart the SSE server 
    systemctl restart raas
  7. Wait a few seconds, then verify that SSE is up and running. 
    systemctl status raas
  8. Visit the Aria Automation Config URL in your browser to verify that the webserver is serving content. Using your browser's tools, check the details on the certificate being served to validate that it is the expected certificate with the desired expiration date.
  9. If the used Certificate Authority to sign the new certificate is different to the known Certificate Authority of the connected salt-master server then also import the certificate of the used Certificate Authority to each connected salt-master server.
    e.g: Making CA certificates available to Linux command-line tools