Reverting to a Previous Self-Signed SSL Certificate in VMware Cloud Director Availability 4.x

Article ID: 396618

Updated On:

Products

VMware Cloud Director

Issue/Introduction

This article explains how to revert to a previous self-signed SSL certificate in VMware Cloud Director Availability if issues arise after updating the self-signed certificate.

Environment

VMware Cloud Director Availability 4.x

Cause

Issues may arise after updating the self-signed SSL certificate, requiring a revert to the previous certificate. This can be achieved using a backup of the old certificate stored in the `.bak` file.

Resolution

1. Reverting to a Snapshot

  • If you have taken a snapshot of the VCDA environment before updating the SSL certificate, it is recommended to revert to that snapshot. This ensures that all configurations and changes are reverted, including the SSL certificate.
  • Reverting to a snapshot is the safest method as it will restore the entire environment to its previous state, minimizing the risk of corruption or incomplete restoration.

2. Restoring Using the Backup File (.bak)

If you do not have a snapshot, you can restore the previous self-signed certificate by renaming the .bak backup file to the original certificate file name. The backup file is usually located in the following path:

  • /opt/vmware/h4/serviceType/config/keystore.p12.bak

Note: serviceType in the path is one of cloud, manager, replicator, or tunnel, depending on your system configuration.

Steps to Restore:

  1. Navigate to the directory where the backup file is located.
  2. Rename the .bak file to the original file name (e.g., keystore.p12).
  3. Ensure the system is configured to use this renamed file for SSL authentication.

NOTE:
If the backup file contains the correct configuration, renaming it to the original file name will restore the previous self-signed certificate. However, note that backup files can sometimes become corrupted, so this method may not always be ideal if the backup file is compromised.
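
The restore steps above as a shell function that checks the backup before it replaces the live keystore. This is an added example, not VMware tooling: `restore_keystore` and the `KEYSTORE_PASS` variable are hypothetical names, and the function copies the backup instead of renaming it so the `.bak` file is kept.

```shell
#!/bin/sh
# Added example (not VMware tooling): restore keystore.p12 from keystore.p12.bak.
# Usage: sh restore_keystore.sh /opt/vmware/h4/<serviceType>/config
# KEYSTORE_PASS (assumption): optional keystore password, used only to
# parse-check the backup with openssl before anything is changed.

restore_keystore() {
    dir=$1
    live="$dir/keystore.p12"
    bak="$dir/keystore.p12.bak"

    # A missing or zero-length backup cannot be restored; leave the live file alone.
    if [ ! -s "$bak" ]; then
        echo "backup missing or empty: $bak" >&2
        return 1
    fi

    # With a password supplied, confirm the backup still parses as PKCS#12.
    # This catches a truncated or corrupted .bak before it goes live.
    if [ -n "${KEYSTORE_PASS:-}" ] && command -v openssl >/dev/null 2>&1; then
        if ! KEYSTORE_PASS="$KEYSTORE_PASS" openssl pkcs12 -in "$bak" \
                -nokeys -passin env:KEYSTORE_PASS >/dev/null 2>&1; then
            echo "backup does not parse as PKCS#12: $bak" >&2
            return 2
        fi
    fi

    # Keep the keystore being replaced so the change can be undone.
    if [ -e "$live" ]; then
        mv "$live" "$live.replaced.$(date +%Y%m%d%H%M%S)" || return 3
    fi

    # -p carries over the backup's mode and timestamps (and owner when run
    # as root); compare them with the replaced file, since the keystore
    # holds a private key and must not become more widely readable.
    cp -p "$bak" "$live" || return 4

    # Confirm the copy is byte-identical to the backup.
    cmp -s "$bak" "$live" || return 5
    echo "restored $live from $bak"
}

# Run directly when a config directory is given on the command line.
if [ "$#" -ge 1 ]; then
    restore_keystore "$1"
fi
```

A non-zero return means the live keystore was left as it was (codes 1 and 2) or has been set aside under a `.replaced.<timestamp>` name (codes 3 to 5).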

Additional Information