A banner appears in Aria Operations indicating the HCX certificate has expired
Article ID: 436986
Updated On:
Products
VMware HCX
VMware Aria Operations (formerly vRealize Operations) 8.x
Issue/Introduction
- From the Aria Operations UI, navigating to the certificate list under Administration > Control Panel > Trusted Certificate confirms that the certificate for the HCX ADAPTER_INSTANCE has expired.
Your certificate is expired. Please check the expiry date to take an action. - Log in to the target HCX Manager CLI as admin. The notAfter value in the output of the following command shows a past date:
admin@hcxmanager [ ~ ]$ echo | openssl s_client -connect <hcx_manager_ip>:443 2>/dev/null | openssl x509 -noout -dates notBefore=<Timestamp> notAfter=<Timestamp> - The Fingerprint in the output of the following command matches the Certificate Thumbprint visible in the Aria Operations UI:
admin@hcxmanager [ ~ ]$ echo | openssl s_client -connect <hcx_manager_ip>:443 2>/dev/null | openssl x509 -noout -fingerprint -sha256 sha256 Fingerprint=<fingerprint>
Environment
VMware HCX
VMware Aria Operations
Cause
This issue is caused by an expired certificate on the HCX Manager.
Resolution
Please follow the steps below to resolve the issue.
Update the HCX Manager certificate by following the steps outlined in KB#403649.
Since the issue described in KB#399679 may occur after performing step 1, follow the instructions in the Resolution section of that KB to import the certificate on the peer HCX Manager.
Update the certificate recognized by Aria Operations by following the steps for "Management Pack (Adapter instance)" in the Resolution section of KB#315906.
Additional Information
Feedback
Yes
No
Powered by
