Expired certificate on VMware Aria Suite products can't be replaced using VMware Aria Suite Lifecycle.
search cancel

Expired certificate on VMware Aria Suite products can't be replaced using VMware Aria Suite Lifecycle.

book

Article ID: 370578

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

This article aims to inform customers that when a custom certificate on VMware products expires, it is not possible to renew the certificates via Aria Suite Lifecycle after the appliance is rebooted OR services/network is impacted.
 
  • Aria Lifecycle will show a similar error If the user is trying to replace the product certificate when is expired:

    java.lang.NullPointerException
	at com.vmware.vrealize.lcm.drivers.vrops.VropsEndpoint.findAuthSource(VropsEndpoint.java:3324)
	at com.vmware.vrealize.lcm.drivers.vrops.VropsEndpoint.sendWithCasaToken(VropsEndpoint.java:3205)
	at com.vmware.vrealize.lcm.drivers.vrops.VropsEndpoint.getVersion(VropsEndpoint.java:2034)
	at com.vmware.vrealize.lcm.drivers.vrops.VropsEndpoint.getPolicyVersion(VropsEndpoint.java:2224)
at com.vmware.vrealize.lcm.plugin.core.vrops.tasks.CertificateUpdateTask.execute(CertificateUpdateTask.java:78)
	at com.vmware.vrealize.lcm.automata.core.TaskThread.run(TaskThread.java:62)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)

Environment

VMware Aria Suite Lifecycle 8.x
VMware Aria Operations 8.x
VMware Aria Operations for Logs 8.x
VMware Aria Automation 8.x
VMware Aria Automation Orchestrator 8.x
VMware Aria Operations for Networks 6.x

Cause

Certificates CANNOT be replaced through Aria Suite Lifecycle once the certificate has already expired as HTTPS API calls between Aria Lifecycle and Aria suite products will fail due to the unhealthy state of appliance.

Resolution

To ensure the continued security and functionality of your Aria Suite Lifecycle, please follow the steps below to renew your certificate:
  1. Take a snapshot before trying any changes on affected Aria Suite product(s).
  2. Manually change the certificate.
  3. Import this certificate in VMware Aria Suite Lifecycle locker.
  4. Later do an inventory sync through VMware Aria Suite Lifecycle.
Note: For SSL termination on the load balancer of vIDM manually replace the certificate in the load balancer prior to VMware Identity Manager.

Additional Information

Powered by Wolken Software