Detail: I/O error on POST request for "https://<IP>:443/api/auth/login": Certificate for <IP> doesn't match any of the subject alternative names: []Unable to register components with VCF Operations.To fix this, the VCF Operations for Networks Platform appliance(s) need to be updated with valid certificates containing IPs in SAN fields of certificates, via a script.
Script filename: rotate_vrni_certs.sh
Size: 47 KB
MD5 Checksum: 0A9CAC12A2AED222EFE0A490A38F9B17
rotate_vrni_certs.sh.rotate_vrni_certs.sh to the platform node under the /home/support directory. Use a tool such as WinSCP to the platform node and login with username support to transfer the file./home/support directory.ls -lrth sudo md5sum rotate_vrni_certs.shverify parameter to verify if the current VCF Operations for Networks certificate needs to be replaced:sudo bash ./rotate_vrni_certs.sh verify
Note: The results will be either OK or ERROR[OK] All platform certificates are valid. No rotation needed. [ERROR] Certification rotation is required on one or more nodes.
Re-run the script using the apply parameter to rotate the certificate.
If using a CA-signed certificate, copy the certificate, private key and CA chain files to the platform node where the script is being run and execute the script per the following syntax:
sudo bash ./rotate_vrni_certs.sh apply --cert <certificate-pem-file-path-here> --key <private-key-pem-file-path-here> --ca-chain <ca-chain-pem-file-path-here>
If using a self-signed certificate, the script can create a new self-signed certificate and update VCF Operations for Networks to use it.
sudo bash ./rotate_vrni_certs.sh apply --self-signed
Note: Output similar to the following should be returned:[OK] Certificate rotation completed successfully on all nodes!
Subscribe to this knowledge article to get updates on this issue.