Unable to replace certificates in Automation/Orchestrator

Article ID: 423843


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

The certificate cannot be replaced when using the following command:

# vracli certificate ingress --set your_cert_file.PEM

The command prompts for the "--sha256 hash" parameter to be added, but the certificate is not replaced with the new self-signed custom certificate.

# vracli certificate ingress --set your_cert_file.PEM --sha256 <HASH>

Environment

VCF Automation 8.18.x

Cause

The PEM file has an unbroken line between certificates, with no line break separating the END marker of one certificate from the BEGIN marker of the next, i.e.:

-----END CERTIFICATE----------BEGIN CERTIFICATE-----

Resolution

Reformat the unbroken certificate section in the PEM file:

-----END CERTIFICATE----------BEGIN CERTIFICATE-----

so that there is a line break between the certificate sections:

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

Re-run the ingress command and ./deploy.sh script to replace the certificate:

# vracli certificate ingress --set your_cert_file.PEM --sha256 <HASH>
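The reformatting step above can be scripted and checked before the ingress command is re-run. The following is an added example, not part of the original article or of the product's tooling; the function names are hypothetical, the sample input is constructed, and the repair is generalized to any PEM label rather than only CERTIFICATE.

```shell
#!/bin/sh
# Added example: find and repair fused PEM boundaries before running vracli.
# Function names are hypothetical; the sample data is constructed, not real certs.

# Print the number of fused "-----END ...----------BEGIN ..." boundaries in $1.
# Base64 never contains "-", so ten dashes followed by BEGIN is always a fusion.
count_fused() {
    awk '{ n += gsub(/----------BEGIN /, "&") } END { print n + 0 }' "$1"
}

# Write a repaired copy of $1 to $2, splitting each fused boundary onto two lines.
# The original file is left untouched so it can be compared or restored.
fix_pem_boundaries() {
    awk '{ gsub(/----------BEGIN /, "-----\n-----BEGIN "); print }' "$1" > "$2"
}

# Succeed only if every marker sits alone on its line and BEGIN/END counts match.
check_pem() {
    awk '
        /^-----BEGIN [A-Z0-9 ]+-----\r?$/ { b++; next }
        /^-----END [A-Z0-9 ]+-----\r?$/   { e++; next }
        /-----/                           { bad++ }
        END { exit !(b > 0 && b == e && bad == 0) }
    ' "$1"
}

# Constructed demo input: two placeholder "certificates" fused on one line.
make_sample() {
    printf '%s\n' \
        '-----BEGIN CERTIFICATE-----' \
        'QUFBQUFBQUFBQUFB' \
        '-----END CERTIFICATE----------BEGIN CERTIFICATE-----' \
        'QkJCQkJCQkJCQkJC' \
        '-----END CERTIFICATE-----' > "$1"
}

# Usage: sh fix_pem.sh your_cert_file.PEM fixed_cert_file.PEM
if [ "$#" -eq 2 ]; then
    echo "fused boundaries found: $(count_fused "$1")"
    fix_pem_boundaries "$1" "$2"
    if check_pem "$2"; then echo "OK: $2 is well-formed"; else echo "FAILED: inspect $2" >&2; exit 1; fi
fi
```
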

Additional Information

To properly ingress the replacement custom certificate, the PEM file must have clear breaks between BEGIN and END certificate sections.

Note: the SHA-256 hash may be the same, and this is not an issue, when the certificate is renewed rather than being a new certificate.