VMware Aria Operations for Logs 8.18 - SSL Certificate Replacement


Article ID: 424443


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Standard certificate management in version 8.18.x utilizes the Web UI for configuration. This method provides automated validation and ensures cluster-wide synchronization across all nodes.

After following the article "Expired certificate in VMware Aria Operations for Logs 8.12 and Later" and installing the SSL certificate with the custom-ssl-cert script:

      /usr/lib/loginsight/application/sbin/custom-ssl-cert

the certificate returned by the following validation command is not the expected one:

      echo "" | keytool -list -keystore /usr/lib/loginsight/application/etc/3rd_config/keystore -rfc 2> /dev/null | openssl x509 -noout -enddate

Environment

* VMware Aria Operations for Logs 8.18.x
* VMware Cloud Foundation 5.x

Cause

In VMware Aria Operations for Logs 8.18.x, the preferred and most reliable method for replacing SSL certificates is through the Web UI.

While the /usr/lib/loginsight/application/sbin/custom-ssl-cert script remains a valid tool for emergency recovery when the UI is inaccessible, the Web GUI is the preferred method for standard updates. The GUI ensures integrated validation and automated cluster-wide synchronization across the internal database and all nodes.

Resolution

Upload a signed SSL certificate from VMware Aria Operations for Logs UI:

  1. Log in to the Web UI as an administrator.
  2. Navigate to Configuration > SSL.
  3. Select Choose File, select the PEM-formatted certificate, and select Open.
  4. Select SAVE and then CONTINUE to restart services.


 

* Updates performed on the primary node synchronize to all cluster nodes automatically.
* Verify the expiration of the new certificate using the following command:

      openssl s_client -connect [HOSTNAME]:443 2>/dev/null | openssl x509 -noout -text | grep "Not After"
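
The expiry date alone does not prove that a node holds the certificate you uploaded, so the following added example (not part of the original article or of the product) compares SHA-256 fingerprints of the signed PEM against the local keystore and against what each node serves on port 443. The function names, the file name `signed.pem` and the node names are hypothetical; it assumes `openssl` and `keytool` are on the PATH and that the leaf certificate is the first certificate in the PEM file.

```shell
#!/bin/sh
# Added example. KEYSTORE is the path from this page; function names are illustrative.
KEYSTORE=/usr/lib/loginsight/application/etc/3rd_config/keystore

# SHA-256 fingerprint of the first certificate in the PEM text on stdin.
cert_fp() { openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2; }

# notAfter date of the first certificate in the PEM text on stdin.
cert_end() { openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2; }

# PEM of the certificate that host $1 presents on port 443.
served_pem() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 2>/dev/null
}

# PEM of the first keystore entry, read as in the page's keytool command.
keystore_pem() {
    echo "" | keytool -list -keystore "$KEYSTORE" -rfc 2>/dev/null |
        openssl x509 2>/dev/null
}

# compare_cert LABEL EXPECTED_PEM ACTUAL_PEM: returns 0 on match, 1 otherwise.
compare_cert() {
    want=$(cert_fp <"$2")
    got=$(cert_fp <"$3")
    if [ -n "$want" ] && [ "$want" = "$got" ]; then
        echo "MATCH     $1  expires: $(cert_end <"$3")"
        return 0
    fi
    echo "MISMATCH  $1  expected ${want:-unreadable}, got ${got:-none}"
    return 1
}

# check_nodes EXPECTED_PEM NODE...; the node name "keystore" means the local keystore.
check_nodes() {
    expected=$1; shift; rc=0
    tmp=$(mktemp)
    for node in "$@"; do
        if [ "$node" = keystore ]; then keystore_pem; else served_pem "$node"; fi >"$tmp" || :
        compare_cert "$node" "$expected" "$tmp" || rc=1
    done
    rm -f "$tmp"
    return "$rc"
}

# Run only when given arguments, e.g.: sh check-cert.sh signed.pem keystore node1.example
if [ "$#" -ge 2 ]; then check_nodes "$@"; fi
```

A MISMATCH line for `keystore` or for any node means that location still holds a different certificate than the one in the PEM file.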