Using the Custom Certificate Tool in VMware Aria Operations
Article ID: 333948
Updated On:
Products
VMware Aria Suite
Issue/Introduction
For customers who do not use the default certificate, VMware Aria Operations supports the uploading and use of custom security certificates. In some cases, users find it difficult to create a custom certificate PEM file that is compatible with VMware Aria Operations. The certificate file format requirements are very specific, and VMware Aria Operations does not provide extensive diagnostics for uploaded custom certificates.
Environment
VMware Aria Operations 8.x
VMware vRealize Operations 8.x
VMware vRealize Operations Manager 7.x
Resolution
For improved diagnostics or to correct common errors, you can run the custom certificate tool. This tool is a Python script that runs on any VMware AriaOperations node.
Note: For version 6.x or 7.x, the script is attached to the article and will need to be downloaded and placed into the /usr/lib/vmware-casa/bin/ folder on the vRealize Operations node you wish to run the script on. The script is already included in vRealize Operations 8.x and later.
Using the Script
The tool supports the following options:
Note: For version 6.x or 7.x, the script is attached to the article and will need to be downloaded and placed into the /usr/lib/vmware-casa/bin/ folder on the vRealize Operations node you wish to run the script on. The script is already included in vRealize Operations 8.x and later.
Using the Script
- Log into the VMware Aria Operations node as root via SSH or Console, pressing ALT+F1 in a Console to log in.
- Run the following command:
$VMWARE_PYTHON_BIN /usr/lib/vmware-casa/bin/vropsCertificateTool.py -i custom-certificate-pem-file
Note: Replace custom-certificate-pem-file with the path and name of your custom certificate file.
Example: $VMWARE_PYTHON_BIN /usr/lib/vmware-casa/bin/vropsCertificateTool.py -i /tmp/custom_cert.pem
Note: Replace custom-certificate-pem-file with the path and name of your custom certificate file.
Example: $VMWARE_PYTHON_BIN /usr/lib/vmware-casa/bin/vropsCertificateTool.py -i /tmp/custom_cert.pem
The tool supports the following options:
| Option | Description |
| (-i or --infile) filename (repeat) | Specify the custom certificate input file. When used with --fix, multiple input files are supported. See the Examples section below. |
| (-p or --password) password | Specify the password for an encrypted key section, if the input file includes one. |
| (-d or --describe) or --no_describe | Display or hide the contents of the input file. If you omit this setting, the tool displays the contents by default. |
| -f or --fix | Attempt to repair the input file and save the repaired file as a multiple-part PEM. An output filename is required. The --fix option makes the following changes when repairing an input file:
|
| (-o or --outfile) filename | Used only with the --fix option, the filename of the repaired, multiple-part PEM. |
| (-b or --bag_attributes) or --no_bag_attributes | Used with the --fix option to include or exclude descriptive text in the output file. If you omit this setting, the --fix option includes the text by default. |
| (-v or --validate) or --no_validate | Validate the input file and display a status message, or skip validation. The no_validate option is only useful with the --fix option. If you omit this setting, the tool validates the input file by default. |
| --logging_conf filename | File that contains logging confuration settings. If you omit this option, the default configuration file is logging.conf. By default, basic output goes to the console, and detailed logging goes to vropsCertificateTool.log. When working with Technical Support, provide copies of your certificates and vropsCertificateTool.log. |
| --level (DEBUG | INFO | WARN | WARNING | ERROR | CRITICAL | NONE) | Specify the message types that you want to appear in the log. If you omit this setting, the default is INFO. |
| --openssl path | Location of the OpenSSL binary, for use with PKCS7 files. Only needed if the OpenSSL binary location is not part of the system path. |
| -h or --help | Display instructions for the tool. |
Examples:
- Validate a PEM file:
$VMWARE_PYTHON_BIN vropsCertificateTool.py -i uploaded_cert.pem
- Assemble a multiple-part PEM file from separate parts:
$VMWARE_PYTHON_BIN vropsCertificateTool.py -i ca.pem -i cert1.pem -i key.pem --fix --outfile uploaded_cert.pem
- Repair a multiple-part PEM file:
$VMWARE_PYTHON_BIN vropsCertificateTool.py --infile broken.pem --fix --outfile fixed.pem
- Add a missing certificate to a multiple-part PEM file:
$VMWARE_PYTHON_BIN vropsCertificateTool.py --fix --infile partial.pem --infile ca.pem --outfile uploaded_cert.pem
- Discover what is in a PEM file:
$VMWARE_PYTHON_BIN vropsCertificateTool.py --describe --infile uploaded_cert.pem
- Add readable descriptions (bag attributes) to a PEM file:
$VMWARE_PYTHON_BIN vropsCertificateTool.py --fix --bag_attributes --infile uploaded_cert.pem --outfile bags.pem
Additional Information
Knowledge Base article 2046591 contains additional information about certificates.
Attachments
Feedback
Yes
No
Powered by
