Unable to delete certificate thumbprint from UI in VMware Aria Operations (Formerly vRealize Operations Manager)
search cancel

Unable to delete certificate thumbprint from UI in VMware Aria Operations (Formerly vRealize Operations Manager)

book

Article ID: 340657

calendar_today

Updated On:

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

Symptoms:

  • In vRealize Operations Manager UI, deleting a Certificate from Trusted Certificates fails with error:
Internal Error: RuntimeException: java.lang.NullPointerExceptionrnal Error Occurred
  • Unable to log in to vRealize Operations Manager UI after accepting a new certificate.
  • In the /storage/vcops/log/web*.log file, you see entries similar:
INFO [xxx-xxx-127.0.0.1-8009-exec-15] com.vmware.vcops.ui.util.MainPortalListener.log - (
Component: TODO
Url:/ui/certificate.action
Params: mainAction=deleteCertificate
)
java.lang.NullPointerException
at com.vmware.vcops.bridge.model.CertificateTrustObjectParam.getURIRepresentation(CertificateTrustObjectParam.java:45)
at com.vmware.vcops.bridge.model.CertificateTrustObjectParam.getURIRepresentation(CertificateTrustObjectParam.java:52)
at com.vmware.vcops.ui.action.CertificateAction.getTrustObjectDisplayName(CertificateAction.java:81)
at com.vmware.vcops.ui.action.CertificateAction.execute(CertificateAction.java:53)


Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Environment

VMware Aria Operations 8.x

Resolution

To resolve the issue, kindly refer to the steps below to manually delete the certificates from the database.

⚠️  **Warning:** Before proceeding, take snapshots of all nodes to avoid data loss.

vRealize Operations v8.0 - v8.6.4

  1. Log in to vRealize Operations Manager master node as root through SSH or Console.

  2. Run this command to log in to the database:
    $VMWARE_PYTHON_BIN $ALIVE_BASE/cassandra/apache-cassandra-*/bin/cqlsh --ssl --cqlshrc $ALIVE_BASE/user/conf/cassandra/cqlshrc


  3. Run this command to get a list of all certificates in the database:
    select key from globalpersistence.certificate;


    Note: You see the output similar to:

    key
    ------------------------------------------------------
    Certificate.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Certificate.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

  4. Note the key of the certificate you want to delete, where the thumbprint of the certificate is the key.

  5. Run this command to delete the certificate:
    delete from globalpersistence.certificate where namespace='certificate' and classtype='certificate' and key='Certificate.thumbprint';


    Examples:
    Note: Replace Certificate.thumbprint with the key noted in step 4.
    delete from globalpersistence.certificate where namespace='certificate' and classtype='certificate' and key='Certificate.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';


  6. Run this command to exit the database:
    quit;


vRealize Operations 8.10, Aria Operations 8.12 and later

  1. Log in to vRealize Operations Manager/Aria Operations master node as root through SSH or Console.

  2. Run this command to log in to the database:
    su - postgres -c "/opt/vmware/vpostgres/current/bin/psql -d vcopsdb -p 5433"


  3. Run this command to get a list of all certificates in the database:
    select key from kv_certificate;


    Note: You see the output similar to:

    key
    ------------------------------------------------------
    Certificate.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    Certificate.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

  4. Note the key of the certificate you want to delete, where the thumbprint of the certificate is the key.

  5. Run this command to delete the certificate:
    delete from kv_certificate where key = 'Certificate.thumbprint';


    Examples:     

    Note:     Replace Certificate.thumbprint with the key noted in step 4.
    # delete from kv_certificate where key = 'Certificate.xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

  6. Run this command to exit the database:
    \q

Alternatively, follow the below steps:

  1. Log in to the Aria Operations UI.

  2. Navigate to Administration > Integrations.

  3. Locate and Edit the adapter instance which is having the certificate issue.

  4. Click on Test Connection (or Validate).

  5. Accept the new certificate if prompted and click Save.

  6. Once the adapter cache is refreshed, navigate back to the certificate management section and delete the expired self-signed certificate.

Additional Information

If the adapter no longer exists in the environment, the certificate cannot be removed from the UI, and the expired certificate banner may continue to appear on the UI.  
Another option is deleting directly from the database. Once removed from the database, the expired certificate will disappear after refreshing the UI. Please see the steps under resolution.

Powered by Wolken Software