Upload Signed Certificate in VMware Aria Operations for Logs 8.18
search cancel

Upload Signed Certificate in VMware Aria Operations for Logs 8.18

book

Article ID: 424443

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Following Expired certificate in VMware Aria Operations for Logs 8.12 and Later, after installing ssl certificate by custom-ssl-cerf script:

      /usr/lib/loginsight/application/sbin/custom-ssl-cerf
 
However validated the certificate is not the expected
      echo "" | keytool -list -keystore /usr/lib/loginsight/application/etc/3rd_config/keystore -rfc 2> /dev/null | openssl x509 -noout -enddate 

Environment

VMware Aria Operations for Logs 8.18.x

Cause

In VMware Aria Operations for Logs 8.18.x, the preferred and most reliable method for replacing SSL certificates is through the Web UI.

While the /usr/lib/loginsight/application/sbin/custom-ssl-cerf script remains a valid tool for emergency recovery when the UI is inaccessible, the Web GUI is the preferred method for standard updates. The GUI ensures integrated validation and automated cluster-wide synchronization across the internal database and all nodes.

Resolution

You can upload a signed SSL certificate from VMware Aria Operations for Logs UI.
1.Log in to the VMware Aria Operations for Logs UI.
2.Expand the main menu and navigate to Configuration > SSL.
3.Select Choose File and browse to the location of your SSL certificate and click Open.
4.Click SAVE and click CONTINUE to restart the services.

 

Please note:

a) Execute these steps with the primary node, then the new certificate will be updated to the other nodes automatically .

b) Check the expire date of the  new certificate with  openssl command:

    openssl s_client -connect   <loginsight_fqdn_or_IP>:443      2>/dev/null    |     openssl x509 -noout -text    | grep "Not After"

Powered by Wolken Software