When updating the Aria Operations for Logs certificate, password or inventory using Aria Suite Lifecycle, you receive the error message:
Error Code: LCMVRLICONFIG40100
VMware Aria Operations for Logs host is unreachable.
Either the host name is incorrect or the virtual machine is not reachable
Unable to connect to host. Check host details and retry
Aria Operations for Logs 8.16
Aria Suite Lifecycle 8.16
The cause is an expired Aria Operations for Logs certificate. Run the following command to verify:
echo "" | keytool -list -keystore /usr/lib/loginsight/application/etc/3rd_config/keystore -rfc 2> /dev/null | openssl x509 -noout -enddate
The enddate should be in the future. If it is in the past, the certificate has expired.
To get Aria Operations for Logs functional again, first replace the certificate with a self-signed certificate:
openssl req -newkey rsa:2048 -keyout domain.key -x509 -days 3650 -out domain.crt -nodes
Note: This command will generate a self-signed certificate that is valid for 3650 days (10 years). You may alter the -days value as needed per your organization's security requirements.
Note: When prompted by openssl, provide the required values for your company. If you want to use the default certificate options, enter the following values:
Prompt             Value
Country            US
State Or Province  California
Locality           Palo Alto
Organization       VMware, Inc.
Organization Unit  vCenter Log Insight
Common Name        VMware vCenter Log Insight
3. Run the following command to concatenate the key and certificate into a .pem file:
cat domain.key domain.crt > /tmp/cert.pem
Using an SCP utility like WinSCP, copy the /tmp/cert.pem file from the Primary node to /tmp/cert.pem on each of the other Worker nodes in the cluster.
1. Log into the Primary node as root via SSH or Console.
2. Run the following command to copy the newly-generated or uploaded certificate to the following location:
cp /tmp/cert.pem /usr/lib/loginsight/application/etc/certs/custom.pem
3. Run the following command to use the custom-ssl-cert script:
/usr/lib/loginsight/application/sbin/custom-ssl-cert
4. Run the following command to restart the loginsight service:
systemctl restart loginsight
Note: Once the service has restarted, wait a few minutes until the ingestion rate is back to normal, then proceed to step 5.
5. Repeat steps 1-4 on the next node in the cluster, until all nodes have been completed.
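Added example, not part of the original article: a pre-flight check for the /tmp/cert.pem bundle, to run on each node before the bundle is copied to custom.pem. It confirms that the private key and certificate in the bundle belong together and that the certificate is not close to expiry; the function name check_bundle, its return codes and the 30-day default are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate a key+certificate PEM bundle before installing it.
# check_bundle is a hypothetical helper, not a VMware-supplied tool.
#
# usage: check_bundle <bundle.pem> [min_days_remaining]
# returns 0 if the bundle is usable, otherwise:
#   2 unreadable file, 3 no private key, 4 no certificate,
#   5 key/certificate mismatch, 6 certificate expires too soon
check_bundle() {
    pem=$1
    days=${2:-30}

    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # Public key derived from the private key stored in the bundle.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || {
        echo "no usable private key in $pem" >&2; return 3; }

    # Public key embedded in the certificate stored in the bundle.
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || {
        echo "no certificate in $pem" >&2; return 4; }

    # A bundle built from the wrong domain.key/domain.crt pair fails here.
    [ "$key_pub" = "$crt_pub" ] || {
        echo "private key does not match certificate" >&2; return 5; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null || {
        echo "certificate expires within $days days" >&2; return 6; }

    # Print what is about to be installed, for the change record.
    openssl x509 -in "$pem" -noout -subject -enddate
}

# Run directly as: sh check_bundle.sh /tmp/cert.pem 30
if [ "$#" -gt 0 ]; then
    check_bundle "$@"
fi
```

Because the openssl command above uses -nodes, the bundle contains the private key unencrypted; remove /tmp/cert.pem from each node once custom.pem is in place.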