How to rotate the syslog server CA certificate for Anti-Virus Scanning tile
search cancel

How to rotate the syslog server CA certificate for Anti-Virus Scanning tile

book

Article ID: 411246

calendar_today

Updated On:

Products

VMware Tanzu Application Service

Issue/Introduction

When TLS is enabled for syslog server configured on Anti-Virus Mirror tile, a CA certificate will be provided to trust the syslog server certificate. And if the Anti-Virus Scanning tile also exists, the same will be provisioned for the Anti-Virus Scanning tile as well. 

However, when the syslog server CA certificate needs to be updated, there is no place on the Anti-Virus Scanning tile to change the CA certificate. 

Environment

Anti-Virus Scanning

Cause

Instead of a BOSH deployment, the Ops Manager will only deploy a BOSH runtime config for the Anti-Virus Scanning tile. 

Resolution

The syslog server CA certificate for Anti-Virus Scanning tile can be updated with Ops Manager API or om utility. 

This article shows the approach of using om utility. Please refer to Ops Manager documentation for using Ops Manager API.

1. Prepare a env file with login credentials of Ops Manager. 

$ cat env.yml 
---
target: https://<Ops Manager FQDN>
connect-timeout: 30            # default 5
request-timeout: 1800          # default 1800
skip-ssl-validation: true     # default false
username: <Ops Manger user name>
password: <Ops Manager password>

 

2. Use om utility to dump the configuration of p-antivirus product

# Confirm the p-antivirus product exists
$ om -e env.yml products
+---------------------------+----------------+-----------------+-----------------+
|           NAME            |   AVAILABLE    |     STAGED      |    DEPLOYED     |
+---------------------------+----------------+-----------------+-----------------+
| cf                        | 6.0.17         | 6.0.20          | 6.0.20          |
| p-antivirus               | 2.4.2          | 2.4.2           | 2.4.2           |
| p-bosh                    |                | 3.1.1-build.233 | 3.1.1-build.233 |
+---------------------------+----------------+-----------------+-----------------+

# Dump the staged configuration of p-antivirus product to a file
$ om -e env.yml staged-config -p p-antivirus -c > p-antivirus-tile.yml

# Make a copy of the dump file
$ cp p-antivirus-tile.yml p-antivirus-tile.yml.bak

 

3. Open the saved file (p-antivirus-tile.yml) with some editor and update syslog server CA certificate and save the change

 

4. Use om utility to apply the updated configuration file

$ om -e env.yml configure-product -c p-antivirus-tile.yml

 

5. Dump the configuration again to confirm the CA certificate is updated

$ om -e env.yml staged-config -p p-antivirus -c

 

6. Run "Apply Changes" for Anti-Virus Scanning tile on Ops Manager

 

Powered by Wolken Software