Procedure to replace certificate for clustered vIDM on AVI load balancer.

Article ID: 396472


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

  • This article describes how to configure the vIDM certificate on the AVI Load Balancer.
  • In AVI Load Balancer, under Templates > Security > SSL/TLS Certificates, an error is shown next to the vIDM application certificate: "can't find root certificate".
  • Errors are shown about the system failing to start up or not accepting the certificate, for example:

    LCMVIDM71092
    Failed to trust load balancer's certificate. Ensure load balancer has proper root certificate or provide the root certificate chain as retry param 'vidmLBRootCertificateChain' and try again.
    Unable to fetch root/intermediate CA certificates from the certificate chain provided. Failed to trust vIDM load balancer certificate. Retry by providing the root or intermediate CA certificate chain.

Environment

VMware Identity Manager 3.3.x

Resolution

The exact certificate and signing chain that were used in Aria Suite Lifecycle Manager need to be uploaded to the AVI Load Balancer.

To update the application certificate in AVI Load Balancer:

  1. Go to Templates > Security > SSL/TLS Certificates > Create > Application Certificate
  2. Provide the SSL certificate and the key file, then click validate. Once validation succeeds, click save.

To import the Root and Intermediate CA certificates into AVI Load Balancer:

  1. Go to Templates > Security > SSL/TLS Certificates > Create > Root/Intermediate CA Certificate
  2. Add the Intermediate CA certificate followed by the Root CA certificate with no space in between, then click validate and save.

Go back to Aria Suite Lifecycle and, on the vIDM environment, run Re-Trust Load Balancer.

Additional Information