vRealize Automation 7.x users fail to login to tenant portal through API or client browser

Article ID: 325864

Products

VMware Aria Suite

Issue/Introduction

This article provides the debug log configuration for troubleshooting the subjectAltName configuration of the certificate assigned to the embedded VMware Identity Manager.

Symptoms:
  • vRealize Automation was installed with a CNAME alias
  • Hostname within the virtual appliance management interface (VAMI) does not match the virtual IP hostname
  • Connector.log will contain messages similar to:
javax.ws.rs.ProcessingException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching <HOSTNAME> found


Environment

VMware vRealize Automation 7.x

Cause

Certificate configuration lacks subjectAltName attributes for each participating cluster member.

Resolution

Enable debug logging for Connector.log:

  1. SSH into the vRealize Automation appliance.
  2. Edit the following file:
vi /usr/local/horizon/conf/saas-log4j.properties
  3. Change the following line so that it reads:

log4j.category.com.vmware.horizon=DEBUG


Apply a certificate that contains the FQDN of each participating cluster member within the subjectAltName attribute of the certificate configuration.

An example configuration file for generating a certificate with subjectAltNames is in the Additional Information section below.
 


Additional Information

[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = US
ST = CO
L = Broomfield
O = VMware
OU = GSS
CN = vRAApplianceVIP.domain.local

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = vRAApplianceNode1.domain.local
DNS.2 = vRAApplianceNode2.domain.local
DNS.3 = vRAApplianceVIP.domain.local
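
Before generating the certificate, the configuration above can be checked against the list of hostnames that clients and the connector actually use. The following is an added example, not part of the original article or VMware's tooling: it reads the DNS entries behind subjectAltName and reports any required name that none of them covers. The function names and the CNAME alias vra-portal.domain.local are hypothetical, and the wildcard rule is a simplified one (a "*" may only stand for the whole left-most label).

```python
import configparser

# [alt_names] and the sections that reference it, as in this article's sample config.
SAMPLE_CNF = """\
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
CN = vRAApplianceVIP.domain.local

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = vRAApplianceNode1.domain.local
DNS.2 = vRAApplianceNode2.domain.local
DNS.3 = vRAApplianceVIP.domain.local
"""

def san_dns_names(cnf_text):
    """Return the DNS subjectAltName values the config will place in the certificate."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str                      # keep key case (DNS.1, subjectAltName)
    cp.read_string(cnf_text)
    ext = cp["req"].get("x509_extensions") or cp["req"].get("req_extensions")
    san = cp[ext]["subjectAltName"].strip()
    if san.startswith("@"):                   # indirection to a section such as [alt_names]
        entries = cp[san[1:]].items()
    else:                                     # inline form: DNS:a, DNS:b
        entries = (e.strip().partition(":")[::2] for e in san.split(","))
    return [v.strip().lower() for k, v in entries if k.split(".")[0] == "DNS"]

def matches(hostname, pattern):
    """Exact match, or '*' standing for the entire left-most label (simplified)."""
    h, p = hostname.lower().split("."), pattern.lower().split(".")
    return len(h) == len(p) and p[0] in ("*", h[0]) and h[1:] == p[1:]

def missing_names(cnf_text, required):
    """Names clients connect to that no SAN entry covers; an empty list means OK."""
    sans = san_dns_names(cnf_text)
    return [r for r in required if not any(matches(r, s) for s in sans)]

if __name__ == "__main__":
    # Constructed input: the three FQDNs from the article plus a hypothetical CNAME alias.
    required = ["vRAApplianceNode1.domain.local", "vRAApplianceNode2.domain.local",
                "vRAApplianceVIP.domain.local", "vra-portal.domain.local"]
    for name in missing_names(SAMPLE_CNF, required):
        print("not covered by subjectAltName:", name)
```

Any name it prints is one for which a connecting client would log the "No subject alternative DNS name matching" error shown under Symptoms.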