Upgrade to VMware Aria Operations for Logs 8.12 Fails on the Primary Node
Article ID: 338304
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
- Upgrade to VMware Aria Operations for Logs 8.12 Fails on the Primary Node.
- The /storage/core/loginsight/var/upgrade.log file on the Primary node shows entries similar to:
Cassandra and tomcat certificate fingerprints are different. Updating...
Custom certificate lacks 'SSL client' purpose
2023-04-20 21:50:25,239 upgrade-driver INFO Exception occured!!!
Custom certificate lacks 'SSL client' purpose
2023-04-20 21:50:25,239 upgrade-driver INFO Exception occured!!!
- Running the echo | openssl s_client -connect localhost:443 2>/dev/null | openssl x509 -noout -purpose | grep 'SSL client :' command on the Primary node returns:
SSL client : no
Environment
VMware Aria Operations for Logs 8.12.x
Cause
Starting with version 8.12, VMware Aria Operations for Logs (formerly known as vRealize Log Insight) requires the custom certificate allow "SSL Client" extended key usage, in addition to "SSL Server". This requirement is checked before the upgrade, and prevents the upgrade if not met.
Resolution
- This issue was resolved in the latest patched release of VMware Aria Operations for Logs 8.12 released 05/01/2023 (Displayed date 04/20/2023), build number 21696970 available at Broadcom Downloads.
- If you are attempting the upgrade using the original release (21618456) it is recommended to revert to snapshots and attempt the upgrade again using the newly released 8.12 build.
- If you are unable to use the patched release, you can instead use the resolution below.
- To resolve this issue, use a certificate that meets the requirements in VMware Aria Operations for Logs 8.12 and later.
- Follow Install a custom certificate if you are using a custom certificate once the certificate has been regenerated to meet the requirements mentioned in the Cause section.
- If you want to use the default certificate, follow Revert to the default certificate.
Install a custom certificate
- Log into the VMware Aria Operations for Logs as the local admin user.
- Navigate to Configuration > SSL.
- Click Choose File and select the certificate file you wish to use.
Note: VMware Aria Operations 8.12 and later requires Client Auth usage. Ensure your custom certificate meets this requirement.
- Click Save.
Revert to the default certificate
- Log into the VMware Aria Operations for Logs UI as the local admin user.
- Navigate to Configuration > SSL.
- Click RESET TO DEFAULTS....
- Click Reset.
Feedback
Yes
No
Powered by
