Diagnostics certificates panel in Aria Operations showing expired certificates that are not in use.
search cancel

Diagnostics certificates panel in Aria Operations showing expired certificates that are not in use.

book

Article ID: 408212

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Expired certificates showing up under Diagnostics -> Certificates in Aria Operations. 

These certificates are not present under Administration -> Control Panel.

When removed directly from the database, they appear in the next polling cycle. 

Environment

Aria Operations 8.18.X

Cause

There is an issue with the VMware Infrastructure Health collection logic where the openssl call to detect certificates is run against localhost:443 rather than externally facing <IP_ADDRESS>:443 which presents invalid certificates.  There are differences in the internal/external httpd service config that determine which certificates are returned by the openssl command. 

Resolution

This issue is resolved in VCF Operations 9.x.


Workaround for Aria Operations 8.18.x:

  1. Navigate to Diagnostics > Certificates > View Details
  2. Click on the row containing the cert you want to delete to open its details.
  3. Copy the thumbprint for the certificate
  4. Navigate to Operations > Configurations > Inventory Management
  5. Paste the thumbprint in the search box (or open the search filter and manually enter details to narrow scope to the specific object)
  6. Click the row for the certificate to be deleted
  7. Click Start Maintenance icon on the top toolbar and configure the duration the certificate object will be in maintenance mode
  8. Refresh the Diagnostics > Certificates > View Details page to verify the certificate object is no longer displayed
Powered by Wolken Software