Update VMware Aria Automation VCF Enabled Cloud Account Certificates via API


Article ID: 438197


Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

In VMware Aria Automation, when a vCenter Cloud Account is VCF enabled, the account may enter a failure state or fail to synchronize if the stored SSL certificates are mismatched. This specific behavior occurs when the certificates for the underlying vCenter or NSX managers have been rotated or updated, but the Aria Automation provisioning service is still attempting to authenticate using stale certificate data. 

Environment

Aria Automation 8.18.x

Cause

The certificate thumbprints and PEM files stored in the Aria Automation database have become outdated. Because a VCF-enabled account links multiple endpoints, a mismatch in even one certificate (vCenter or NSX) can disrupt the entire Cloud Account's functionality.

Resolution

Follow these steps to manually align the certificates using the Aria Automation API.

  • Use the following openssl command to fetch the latest certificate from the NSX or vCenter endpoint in the correct format for an API payload:

```
# </dev/null closes stdin so s_client exits after the handshake instead of waiting for input
openssl s_client -connect <endpoint-fqdn>:443 </dev/null 2>/dev/null | openssl x509 | awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}'
```

  • Compare this output to the certificate stored in the Cloud Account. If they differ, proceed with the update.
  1. Perform a GET request to verify the current resource state and confirm the Resource ID.
  2. Method: GET
     URL: https://{Ariaautomation-url}/provisioning/uerp/resources/endpoints/{endpoint-resource-id}
  3. Perform a PATCH request to update the certificate field in both endpointProperties and customProperties.
  4. Method: PATCH
     URL: https://{Ariaautomation-url}/provisioning/uerp/resources/endpoints/{endpoint-resource-id}
  5. Body (JSON):

```json
{
  "endpointProperties": {
    "certificate": "-----BEGIN CERTIFICATE-----\n[Validated-Certificate-String]\n-----END CERTIFICATE-----"
  },
  "customProperties": {
    "certificate": "-----BEGIN CERTIFICATE-----\n[Validated-Certificate-String]\n-----END CERTIFICATE-----"
  }
}
```

  6. Note: Apply this to the specific NSX or vSphere endpoint resource ID as identified in your environment.
  7. Navigate to the UI to enter your username and password.
  8. Validate the password and click Save.
  9. It should now show as Available for Deployment.
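
The compare-then-patch decision above can be scripted so that formatting differences (literal `\n` escapes from the awk step, CRLF, line wrapping) do not cause a false mismatch. The following is an added example, not part of the original article or any VMware tooling: it assumes the GET response carries the certificate in the same `endpointProperties` and `customProperties` fields the PATCH body uses, and the sample PEM values are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import json
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
SECTIONS = ("endpointProperties", "customProperties")  # both fields named on the page


def pem_to_der(pem_text):
    """DER bytes of the first certificate; accepts real newlines, CRLF,
    or the literal backslash-n sequences emitted by the awk step."""
    match = PEM_RE.search(pem_text.replace("\\n", "\n"))
    if not match:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def fingerprint(pem_text):
    """SHA-256 over the DER encoding, so formatting differences do not matter."""
    return hashlib.sha256(pem_to_der(pem_text)).hexdigest()


def stored_matches(endpoint_state, live_pem):
    """True only if every stored copy parses and equals the live certificate."""
    live = fingerprint(live_pem)
    try:
        return all(fingerprint(endpoint_state[s]["certificate"]) == live
                   for s in SECTIONS)
    except (KeyError, TypeError, AttributeError, ValueError):
        return False  # a missing or unparsable stored copy counts as a mismatch


def build_patch_body(endpoint_state, live_pem):
    """PATCH body as a JSON string, or None when no update is needed."""
    if stored_matches(endpoint_state, live_pem):
        return None
    b64 = base64.b64encode(pem_to_der(live_pem)).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                     "-----END CERTIFICATE-----"])
    # json.dumps escapes the newlines, so no hand-built escaping is needed.
    return json.dumps({s: {"certificate": pem} for s in SECTIONS}, indent=2)


# Constructed sample: placeholder bytes wrapped as PEM, not real certificates.
OLD_PEM = "-----BEGIN CERTIFICATE-----\nb2xkLWNlcnQ=\n-----END CERTIFICATE-----"
NEW_PEM_AWK = "-----BEGIN CERTIFICATE-----\\nbmV3LWNlcnQ=\\n-----END CERTIFICATE-----\\n"
STALE_STATE = {s: {"certificate": OLD_PEM} for s in SECTIONS}
```

Before trusting the fetched certificate, confirm its fingerprint against the value shown on the vCenter or NSX manager itself, since the script only checks that the stored and fetched copies agree.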