Diagnostics certificates panel in Aria Operations showing expired certificates that are not in use.
search cancel

Diagnostics certificates panel in Aria Operations showing expired certificates that are not in use.

book

Article ID: 408212

calendar_today

Updated On:

Products

VMware Aria Suite VMware Aria Operations (formerly vRealize Operations) 8.x

Issue/Introduction

Expired certificates showing up under Diagnostics -> Certificates in Aria Operations. 

These certificates are not present under Administration -> Control Panel.

When removed directly from the database they appear in the next polling cycle. 

Environment

Aria Operations 8.18.X

Cause

There is an issue with the VIH collection logic where the openssl call to detect certs is ran against localhost:443 rather than externally facing IP_ADDRESS:443 which presents invalid certificates.  There are differences in the internal/external httpd service config that determine which certs are returned by the openssl command. 

 

Resolution

 This issue is resolved in 9.x

 Workaround for 8.18.x.

1. Navigate to "Diagnostics > Certificates > View Details"
2. Click on the row containing the cert you want to delete to open its details.
3. Copy the thumbprint for the certificate
4. Navigate to "Operations > Configurations > Inventory Management"
5. Paste the thumbprint in the search box (or open the search filter and manually enter details to narrow scope to the specific object)
6. Click the row for the certificate to be deleted
7. Click "Start Maintenance" icon on the top toolbar and configure the duration the certificate object will be in maintenance mode
8. Refresh the "Diagnostics > Certificates > View Details" page to verify the certificate object is no longer displayed

Powered by Wolken Software