Aria Suite Lifecycle : Replacing Outdated Self-Signed Certificate on Port 8000

Article ID: 377905

Products

VMware Aria Suite

Issue/Introduction

The certificate used by the Common Appliance Platform (CAP) service on port 8000 is outdated or incorrect, leading to security warnings raised by the security team.

Environment

Aria Suite Lifecycle 8.x

Cause

VMware Aria Suite Lifecycle uses the Common Appliance Platform (CAP), which replaces the VMware Appliance Management Interface (VAMI) for product installations and upgrades. CAP is an approach to standardize appliance management for all VMware appliances. CAP uses port 8000.

This is an appliance management backend server. It doesn't host any webpages; it only accepts API calls.

Reference : https://docs.vmware.com/en/VMware-Aria-Suite-Lifecycle/8.16/lifecycle-install-upgrade-manage/GUID-4D8CA7D0-9B55-4BB0-BBB8-5697F953645A.html 

Resolution

Solution:

  1. Obtain a new certificate:

    • Acquire a valid certificate from a trusted certificate authority (CA). Ensure the certificate's expiration date is appropriate for your needs.
  2. Replace the existing certificate:

    • Back up the current certificate:
      cp /opt/vmware/etc/lighttpd/server.pem server.pem.old
      
    • Replace the certificate:
      vi /opt/vmware/etc/lighttpd/server.pem
      
      Delete the existing contents of the file and paste the content of the new certificate into this file (see Additional Information for the PEM format).
  3. Restart the CAP service:

    service cap-appliance-management restart
    

Verification:

  • Test connectivity: Attempt to connect to the service on port 8000.

By following these steps, you should be able to successfully replace the outdated self-signed certificate and ensure the proper functioning of the Cap-appliance-management service on port 8000.
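
The steps above can be checked with a short script, shown here as an added example that is not part of the original article or of VMware's tooling. It assumes openssl is available on the machine where it runs; the script name and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the KB article). Checks a PEM bundle before and
# after it is placed at /opt/vmware/etc/lighttpd/server.pem.

# pem_cert_count FILE: print the number of well-formed certificate blocks.
# Fails (non-zero) on an unbalanced BEGIN/END pair, an empty block, or no
# certificate at all, which are the usual results of a bad paste in vi.
pem_cert_count() {
    awk '
        { sub(/\r$/, "") }
        /^-----BEGIN CERTIFICATE-----$/ { if (inblk) bad = 1; inblk = 1; body = 0; next }
        /^-----END CERTIFICATE-----$/   { if (!inblk || !body) bad = 1; inblk = 0; n++; next }
        inblk && NF                     { body++ }
        END { if (inblk || bad || n == 0) exit 1; print n }
    ' "$1"
}

# file_leaf_fp FILE: SHA-256 fingerprint of the first certificate in FILE
# (openssl x509 reads only the first block, the server certificate).
file_leaf_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# served_leaf_fp HOST [PORT]: fingerprint of the certificate the listener presents.
served_leaf_fp() {
    openssl s_client -connect "$1:${2:-8000}" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# Usage: sh check_cap_cert.sh NEW.pem [HOST]   (script name is hypothetical)
if [ -n "${1:-}" ]; then
    n=$(pem_cert_count "$1") || { echo "malformed PEM: $1" >&2; exit 1; }
    echo "$n certificate block(s) in $1"
    openssl x509 -in "$1" -noout -subject -issuer -enddate
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null ||
        { echo "server certificate has expired" >&2; exit 1; }
    if [ -n "${2:-}" ]; then
        [ "$(file_leaf_fp "$1")" = "$(served_leaf_fp "$2")" ] ||
            { echo "port 8000 is not serving the certificate in $1" >&2; exit 1; }
        echo "port 8000 serves the certificate in $1"
    fi
fi
```

Run it with only the file argument before restarting the service, and with the appliance hostname as the second argument after the restart.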

Additional Information

VMware products require certificates in .pem format. Ensure your certificate is in the correct PEM format, as shown in the example below (without the actual certificate and key details):
-----BEGIN CERTIFICATE-----
Your Primary TLS/SSL certificate: your_domain_name.crt
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
Your Intermediate certificate: Intermediate.crt
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
Your Root certificate: TrustedRoot.crt
-----END CERTIFICATE-----


See also:

Tenable Nessus scanner reports vulnerability, TEN-142960 on port 8000 for Aria Suite Lifecycle