SSL certificates are expired for Aria Operations for Logs (Formerly Log Insight)
Article ID: 395456
Updated On:
Products
VCF Operations/Automation (formerly VMware Aria Suite)
Issue/Introduction
- The certificates have expired for Aria Operations for Logs.
- The UI is not accessible
- Cassandra is down on some or all of the nodes.
- Use the command below to test.
nodetool-no-pass status - '
Cassandra is not running' will be returned.
- Use the command below to test.
- SCP to one or all nodes is not possible.
Environment
Aria Operations for logs 8.16 and later.
Cause
The certificates have expired, causing the Cassandra cluster to fail.
Resolution
- Log into the Primary node as root via SSH or Console.
- Run the following commands to navigate to the certs directory and make a copy of the default certificate and rename it to custom.pem.
cd /usr/lib/loginsight/application/etc/certs cp default.pem custom.pem - Run the following command to use the custom-ssl-cerf script:
/usr/lib/loginsight/application/sbin/custom-ssl-cerf - Repeat steps 2 and 3 on all remaining nodes in the cluster
- Run the following command to restart the loginsight service on all nodes, one at a time
systemctl restart loginsight
Note: Once the service has restarted, wait a few minutes, check that the Loginsight service is running by running the command service loginsight status, then proceed to restart the service on the next node.
Additional Information
The steps above use the default certificate saved on the appliances. It is useful in cases where SCP cannot be used to move a certificate, as per the KB below;
Feedback
Yes
No
Powered by
