Unable to Generate new Self-Signed Certificate in Aria Suite Lifecycle Manager Locker - 400 Bad Request



Article ID: 420201


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

When generating a new self-signed certificate in the LCM Locker, we fill out the required fields and click "Generate". The UI does not respond and nothing happens.

The browser's Developer Tools show a 400 Bad Request response at the time "Generate" is clicked.

The following ERROR appears in /var/log/vrlcm/vmware_vrlcm.log:

YYYY-MM-DDT00:00:00.000Z INFO vrlcm[1575] [http-nio-8080-exec-6] [c.v.v.l.l.c.CertificateStoreController]  -- Starting certificate generation
YYYY-MM-DDT00:00:00.000Z INFO vrlcm[1575] [http-nio-8080-exec-6] [c.v.v.l.l.s.p.CertificateStoreService]  -- Inside certificate store service
YYYY-MM-DDT00:00:00.000Z ERROR vrlcm[1575] [http-nio-8080-exec-6] [c.v.v.l.l.c.CertificateStoreController]  -- Failed to generate certificate.
com.vmware.vrealize.lcm.common.exceptions.InvalidCertificateException: Validations failed for certificate.

Environment

Aria Suite Lifecycle 8.18.x

Cause

This occurs because the Certificate Authority used for signing certificates in Aria Suite Lifecycle has expired.

Resolution

Take a snapshot of the Aria Suite Lifecycle Manager appliance from vCenter before performing any operation.

 

  1. SSH as root to the Aria Suite Lifecycle appliance.
  2. Run the following command:
curl --insecure -X PATCH https://LCMFQDN/lcm/locker/api/certificates/ca -H "Authorization: Basic <Base64-encoded username:password>"

 

Note: The Authorization header must carry the Base64-encoded value of the username and password in the format username:password. For example, the value should be the Base64 encoding of admin@local:password.

 

Note: When using base64 on the Aria Suite Lifecycle appliance, use echo -n, as in the following command, so that the trailing newline (\n) that echo appends is not included in the Base64-encoded value:

echo -n 'admin@local:password' | base64

   

Full example of the command using the sample credentials above:

curl --insecure -X PATCH https://LCMFQDN/lcm/locker/api/certificates/ca -H "Authorization: Basic YWRtaW5AbG9jYWw6cGFzc3dvcmQ="
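
As an added example (not part of the original article or of VMware's tooling), the following bash helpers build the Basic credential with printf so no newline is encoded, check an existing value for the echo pitfall described in the note, and hand the header to curl on stdin instead of on the command line. The function names and the use of curl's --config - option are choices made for this example; the endpoint, the PATCH method and --insecure come from the command above.

```bash
#!/usr/bin/env bash
# Added example: helper names are hypothetical; the endpoint, the PATCH method
# and --insecure are taken from the article's command.

# Encode "user:password" exactly. printf '%s' never appends a newline, and
# tr removes the line wrapping GNU base64 applies to long input.
basic_auth_value() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Succeeds if an already-encoded value decodes to text ending in "\n",
# which is what `echo 'user:pass' | base64` (no -n) produces.
has_trailing_newline() {
    local last
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" = "0a" ]
}

# Emit a curl config so the credential travels on stdin and never shows up
# in the process list or in shell history.
curl_config() {
    printf 'request = "PATCH"\n'
    printf 'header = "Authorization: Basic %s"\n' "$1"
    printf 'url = "https://%s/lcm/locker/api/certificates/ca"\n' "$2"
}

# Usage: patch_lcm_ca LCMFQDN admin@local
# Prompts for the password without echoing it, then sends the request.
# --insecure is kept from the article; use --cacert with the appliance's CA
# chain instead where that chain is available.
patch_lcm_ca() {
    local fqdn=$1 user=$2 pass
    read -r -s -p "Password for ${user}: " pass
    echo >&2
    curl_config "$(basic_auth_value "$user" "$pass")" "$fqdn" |
        curl --insecure --config -
}
```

Base64 is an encoding, not encryption, so the header value should be handled with the same care as the plaintext password.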