Post the Upgrade of VMware Aria Operations for Networks to v6.14, SSL SMTP (port 465) does not work.
search cancel

Post the Upgrade of VMware Aria Operations for Networks to v6.14, SSL SMTP (port 465) does not work.

book

Article ID: 404850

calendar_today

Updated On:

Products

VCF Operations for Networks

Issue/Introduction

In VMware Aria Operations for Networks, you can configure a mail server to receive alert notifications through mail securely.

However, post an upgrade to v6.14, the Alert Notifications stop working and you may observe the following error while sending out a test email :

In previous versions, the following steps were executed to resolve the issue :

  • Create a certificate chain with the leaf cert at the top, intermediate in the middle and the root at the bottom.
  • Save the file in the home directory of the Platform node with a name ( Example : chain.pem )
  • Post that, establish a support session to the Platform Node and run the following commands :
    • sudo keytool -importcert -trustcacerts -noprompt -alias "Chain_Alias" -file chain.pem -keystore /usr/lib/jvm/zulu-11-amd64/lib/security/ca
  • Post that, re-start the RESTAPI service :
    • sudo systemctl stop restapilayer-service.service
    • sudo systemctl start restapilayer-service.service

Environment

Aria Operations for Networks 6.14

Cause

This issue occurs due to a change in the JAVA version in v6.14. In v6.14, the JAVA version installed is 17.0.10. Hence, the location to import the Cert also changes.

 

Resolution

Below workaround needs to be applicable on all nodes in Cluster.

To resolve the above issue, follow the steps below to import the Cert into the correct keystore :

  • Take a backup of the VMware Aria Operations for Networks Environment.
  • Reference KB for the procedure to take a backup : Best practices to shutdown Aria Operations for Networks Clustered deployments
  • Create a certificate chain with the leaf cert at the top, intermediate in the middle and the root at the bottom.
  • Save the file in the home directory of the Platform node with a name ( Example : chain.pem )
  • Post that, establish a support session to the Platform Node and run the following commands :
    • sudo keytool -importcert -trustcacerts -noprompt -alias "Chain_Alias" -file chain.pem -keystore /usr/lib/jvm/openjdk-java17-amd64/lib/security/cacerts -storepass changeit
  • Post that, re-start the RESTAPI service :
    • sudo systemctl stop restapilayer-service.service
    • sudo systemctl start restapilayer-service.service

 

Powered by Wolken Software