During cluster join Self Signed Cert Generation fails because of fips flags in a freshly deployed Replica node
Article ID: 325897
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
- You are trying to join a vRA replica node to a vRA 7.x cluster
- The operation fails
Environment
VMware vRealize Automation 7.x
Cause
The fips flags cause the self-signed certificate generation to fail, which stops the cluster join operation.
Resolution
VMware is aware of this issue. See the Workaround section below for additional information.
Workaround:
Generate a new self-signed certificate and update the keystore by temporarily removing the fips flags.
Prerequisites
- Please take simultaneous non-memory snapshots of each virtual appliance in the cluster.
- You have access to root user and password
- You have SSH or console access to each virtual appliance.
Procedure
- SSH / PuTTY into the replica vRA virtual appliance that is failing to join
- Check the Common Name in the self-signed certificate; it will be set to the master node hostname. Run:
/usr/java/jre-vmware/bin/keytool -v -list -keystore /opt/vmware/horizon/workspace/conf/tcserver.keystore
- Create a backup directory
mkdir /root/tmp-bkp
- Move the fips flags
mv /usr/local/horizon/conf/flags/fips* /root/tmp-bkp
- Install Self Signed Cert and update the keystore
/usr/local/horizon/scripts/secure/wizardssl.hzn
- Move the files back
mv /root/tmp-bkp/fips* /usr/local/horizon/conf/flags
- Restart Horizon Workspace services
service horizon-workspace restart
- Retry the replica join operation
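
The move, certificate and move-back steps above can be wrapped so that the fips flags are put back even when the certificate script fails. This is an added example, not VMware code; `run_without_fips_flags` and its exit codes are hypothetical, and only the paths in the usage comment come from the procedure.

```shell
#!/bin/bash
# Added example, not VMware code. run_without_fips_flags is a hypothetical
# helper: it moves the fips* flag files aside, runs one command, and always
# moves the flags back, so a failed run cannot leave the flags missing.
run_without_fips_flags() {
    flags_dir=$1; backup_dir=$2; shift 2
    mkdir -p "$backup_dir" || return 1

    # Leftover flags in the backup directory mean an earlier attempt never
    # restored them; stop so they are not mixed up with this run.
    for f in "$backup_dir"/fips*; do
        if [ -e "$f" ]; then
            echo "ERROR: $f left over from a previous run" >&2
            return 3
        fi
    done

    moved=0; status=0
    for f in "$flags_dir"/fips*; do
        [ -e "$f" ] || continue              # glob matched nothing
        if mv "$f" "$backup_dir"/; then
            moved=$((moved + 1))
        else
            status=1; break
        fi
    done

    # Run the command only if every flag moved; keep its exit status.
    if [ "$status" -eq 0 ]; then
        "$@" || status=$?
    fi

    # Restore the flags whatever happened above.
    restored=0
    for f in "$backup_dir"/fips*; do
        [ -e "$f" ] || continue
        if mv "$f" "$flags_dir"/; then restored=$((restored + 1)); fi
    done
    if [ "$restored" -ne "$moved" ]; then
        echo "ERROR: moved $moved flag file(s), restored $restored" >&2
        return 2
    fi
    return "$status"
}

# Usage with the paths from the procedure above (run as root on the replica):
# run_without_fips_flags /usr/local/horizon/conf/flags /root/tmp-bkp \
#     /usr/local/horizon/scripts/secure/wizardssl.hzn
```

A non-zero return means the certificate step failed or the flags were not fully restored; resolve that before restarting the Horizon Workspace services.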