Steps to Retrieve and Upload Avi Controller Certificate in License Hub
search cancel

Steps to Retrieve and Upload Avi Controller Certificate in License Hub

book

Article ID: 441019

calendar_today

Updated On:

Products

VMware Avi Load Balancer

Issue/Introduction

During License Hub onboarding, the Avi Controller certificate needs to be uploaded manually to establish a trusted connection between License Hub and the Avi Controller. This requirement is commonly seen in environments using custom CA or self-signed certificates, where certificate validation may otherwise fail during onboarding.

Environment

 

  • Avi Controller: 32.1.1
  • VMware License Hub 5.1.2

 

 

Resolution

Step 1: Retrieve the System Certificate from the Avi Controller

  1. SSH to the Avi Controller leader node using admin credentials.
  2. Copy the fetch_cert.sh script to the following directory on the Avi Controller: (Script is attached to the KB)
/opt/avi/scripts/
  1. Provide execute permission to the script:
admin@broadcom-local:~$ chmod +x /opt/avi/scripts/fetch_cert.sh
  1. Run the script as sudo with IP 127.0.0.1 or the Avi Controller IP address.

Example:


admin@broadcom-local:~$ sudo /opt/avi/scripts/fetch_cert.sh 127.0.0.1
Avi Controller     : 127.0.0.1:443
SNI Hostname       : 127.0.0.1
CA Validation      : DISABLED (Blind trust)
----------------------------------------
Fetching certificate...
Successfully fetched certificate!
----------------------------------------
Success: Certificate chain saved to 'full_chain.pem'.

Note:
Use the Fully Qualified Domain Name (FQDN) only if it is specifically required in the deployment environment.

  1. Wait for the script execution to complete successfully.
  2. Open the generated certificate file.
  3. The full_chain.pem is saved to whatever directory you're in when you execute the script — your current working directory.

Example:

cat full_chain.pem
  1. Copy the complete certificate content, including:
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

 

Step 2: Upload the Certificate into License Hub

  1. Navigate back to the License Hub onboarding UI.
  2. Go to:
Endpoint Management > Onboard an Endpoint
  1. Locate the Certificate field during onboarding.
  2. Paste the copied certificate content into the field.
  3. Continue with the onboarding workflow.
  4. Verify that the connection between License Hub and the Avi Controller is established successfully.


Note: Once the endpoint is successfully onboarded, it will be listed in the Endpoint Management section as shown below on the License Hub.



Additional Notes

  • Ensure the entire certificate chain is copied correctly.
  • Missing intermediate certificates may cause onboarding failures.
  • If certificate validation issues persist, verify:
    • DNS/FQDN resolution
    • Certificate validity
    • Time synchronization between systems
    • Correct controller node selection

Attachments

fetch_cert.sh get_app
Powered by Wolken Software