vRealize Automation 7.x RabbitMQ status "NOT Connected: java.security.cert.CertificateException: Untrusted certificate chain"
search cancel

vRealize Automation 7.x RabbitMQ status "NOT Connected: java.security.cert.CertificateException: Untrusted certificate chain"

book

Article ID: 366934

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

  • In the VAMI interface under vRA > Messaging the connection Status display as:

"NOT Connected: java.security.cert.CertificateException: Untrusted certificate chain"

  • The output of the following command confirms the RabbitMQ certs have expired:

/etc/rabbitmq/certs/server # openssl x509 -noout -text -in cert.pem  | grep -A 2 Validity

Cause

The RabbitMQ certificates generated at deployment time in vRealize Automation 7.x have a validity period of 7 years and are not auto-renewed.

Resolution

Before proceeding take snapshots of the vRealize Automation 7.x environment.Per from the steps below on each node 

 

1. Stop services on all VA nodes (replicas first, then master)

vcac-vami service-manage stop vco-configurator vco-server vcac-server horizon-workspace hzn-dots elasticsearch rabbitmq-server

 

2. Move the RabbitMQ certs folder to a backup location on all VA nodes. Perform this on each node

mv /etc/rabbitmq/certs/ /tmp/certs

 

3. Start the RabbitMQ firstboot script, that will generate the new certs. Perform this on each node

/etc/bootstrap/firstboot.d/30rabbit-conf

This command will also start the rabbitmq server.

 

4. Start services on each VA node:

vcac-vami service-manage start elasticsearch horizon-workspace hzn-dots vcac-server vco-server vco-configurator

(After horizon-workspace starts, the hzn-dots service will keep the user waiting (printing dots) until vidm is up and running. This should take a few minutes. Only then the vcac-server will be started)

5. Validate RabbitMQ and services status from the VAMI interface

It can take 10-15 minutes to bring up the vRA services these can be monitored in the VAMI interface under the vRA > Services tab