Exporting vRealize Log Insight custom certificates for use with Audit Log Integration within vRealize Automation



Article ID: 326032




VMware Aria Suite


If vRealize Log Insight (vRLI) is configured with custom TLS / SSL certificates, then the root certificate from vRLI will need to be imported into vRA.


You can configure vRealize Automation (vRA) to export audit events to vRealize Log Insight (vRLI) to facilitate viewing audit events.

Audit logging is deactivated by default and you must enable it to generate and view audit logging events.

If used, SSL is configured on the vRealize Automation appliance where the Log Insight agent resides, and it concerns the connection to the Log Insight Syslog server. To use SSL, you must configure the appropriate certificates and connectivity between vRealize Automation and the Log Insight server installed on your deployment.


VMware vRealize Automation 7.x


  1. Follow the instructions to configure Audit Log Integration in vRA: https://docs.vmware.com/en/vRealize-Automation/7.6/com.vmware.vra.prepare.use.doc/GUID-B4D67EE5-AC9E-458D-A606-FA62BE67E6A0.html
  2. Export the root certificate from vRLI:
    1. SSH to the vRLI node.
    2. Change to the following directory:
       cd /usr/lib/loginsight/application/3rd_party/apache-tomcat-8.5.43/conf
       Note: The tomcat folder version may change for different versions of vRLI. Modify the line above accordingly.
    3. Export the certificate using the keytool command:
       /usr/java/default/bin/keytool -exportcert -keystore keystore -rfc -alias loginsight -file /tmp/rootcert.pem
       Note: The password for the keytool command is blank. Press Enter when prompted to enter the password.
    4. Using an FTP or SCP utility, copy /tmp/rootcert.pem to your desktop.
    5. Edit the rootcert.pem file using a text editor and copy the entire contents to the clipboard, ensuring that you do not copy any whitespace at the end of the file.
       Note: A truncated example is below:
  3. Log into the port 5480 virtual appliance management interface (VAMI) at https://vRAFQDN:5480/ with root credentials.
  4. Navigate to vRA > Logs > SSL Trusted Certificates.
  5. Select Import and paste in the root CA-signed PEM formatted certificate, followed by Save Settings under the Actions section.
Note: Accept Any Trusted and Accept Any can be used to circumvent the need to manually import this root CA certificate.
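
A pre-import check for the exported file, added here as an example and not part of the original article: it confirms that rootcert.pem holds exactly one clean PEM block with nothing after the END line, and prints its SHA-256 fingerprint in the colon-separated form that keytool -list -v shows, so the copy on your desktop can be compared with the certificate in the vRLI keystore before it is trusted in the VAMI. The function names and the script name check_pem.sh are hypothetical, and GNU coreutils (base64, sha256sum) are assumed.

```shell
#!/bin/sh
# Added example (not from the KB article). Assumes GNU coreutils.

# Emit the base64 body between the BEGIN/END lines, without CR, LF or blanks.
pem_body() {
    sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$1" |
        grep -v '^-----' | tr -d '\r\n \t'
}

# SHA-256 of the DER bytes, upper-case and colon-separated like keytool prints.
pem_fingerprint() {
    pem_body "$1" | base64 -d | sha256sum | cut -d' ' -f1 |
        tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# Return 0 only if the file can be pasted unchanged; print each problem found.
pem_check() {
    f=$1; rc=0; cr=$(printf '\r')
    n=$(grep -c '^-----BEGIN CERTIFICATE-----' "$f" || true)
    [ "$n" -eq 1 ] || { echo "expected 1 certificate block, found $n"; rc=1; }
    [ "$(head -n 1 "$f")" = "-----BEGIN CERTIFICATE-----" ] ||
        { echo "first line is not a clean BEGIN CERTIFICATE line"; rc=1; }
    [ "$(tail -n 1 "$f")" = "-----END CERTIFICATE-----" ] ||
        { echo "whitespace or extra lines after the END line"; rc=1; }
    if grep -q "$cr" "$f"; then echo "CRLF line endings"; rc=1; fi
    pem_body "$f" | base64 -d >/dev/null 2>&1 ||
        { echo "certificate body is not valid base64"; rc=1; }
    return $rc
}

# Usage: sh check_pem.sh /path/to/rootcert.pem
if [ -n "${1:-}" ]; then
    pem_check "$1" && echo "SHA256: $(pem_fingerprint "$1")"
fi
```

Because the fingerprint is computed over the decoded certificate bytes, it stays the same even when an editor has changed the line endings, so a mismatch with the value on the vRLI node means the certificate content itself differs.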

Additional Information