Reload the default certificate in Aria Operations
search cancel

Reload the default certificate in Aria Operations

book

Article ID: 326393

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

This article provides steps to reload the default web certificate in Aria Operations (formerly known as vRealize Operations) in case issues are experienced any time after a custom certificate is uploaded, or your custom cert has expired.

After a custom web certificate has been installed from the Admin UI, you may experience one or more of the following issues:

  • You can no longer access the Admin UI or Product UI.
  • One or more nodes reports as Inaccessible in the Admin UI.
  • Aria Operations cluster shows as "Going Offline" with nodes in offline state and button to take node offline or online is greyed out. In recent releases, cluster must be offline before installing new certificate.
  • The /var/log/apache2/error.log reports errors similar to:
[error] Unable to configure RSA server private key
SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
  • Upgrading Aria Operations fails with error "Upload Failed" when checking the expiry date of the web certificate it shows as expired stopping the upgrade from completing. 

Environment

VMware vRealize Operations 8.x
VMware Aria Operations 8.12 and later

Resolution

To rollback to the default certificates, perform the steps below:
  1. Log into the Primary node as root via SSH or Console, press ENTER in the Console to log in.
  2. Issue the following commands to reload the default certificate:
    unset -f pathappend pathprepend pathremove
$VMWARE_PYTHON_BIN /usr/lib/vmware-casa/bin/activate_web_certificate.py DEFAULT
$VMWARE_PYTHON_BIN /usr/lib/vmware-vcopssuite/utilities/bin/restartHttpd.py
  3. Repeat steps 1 - 2 on all nodes in the Aria Operations cluster, excluding Cloud Proxies

 

The  unset command is needed to avoid error messages related to these environmental variables, due to python version differences going from 6.x/7.x to 8.x. 

It is possible to switch between default and custom certificate by using the DEFAULT and CUSTOM option with the second command in step 2. Only use this in cases where the custom certificate is not expired, and you need to manually switch between custom and default internal certificates for troubleshooting purposes.

Additional Information

If you are still unable to access the Product UI or Admin UI after performing these steps, please open a Support Request.

For more information on opening a Support Request see Creating and managing Broadcom support cases  
For more information on creating certificates for Aria Operations, see Configure a Certificate For Use With VMware Aria Operations
Powered by Wolken Software