If you experience issues with your custom web certificate which has been installed from the Admin UI, you can try the following:
Log into the Master node as root via SSH or Console, pressing ALT+F1 in a Console to log in.
For vRealize Operations 8.x run the following commands to reload your custom certificate:
unset -f pathprepend unset -f pathremove unset -f pathappend $VMWARE_PYTHON_BIN /usr/lib/vmware-casa/bin/activate_web_certificate.py CUSTOM $VMWARE_PYTHON_BIN /usr/lib/vmware-vcopssuite/utilities/bin/restartHttpd.py
Note: The unset commands are required as a result of the python version differences from 6.x/7.x to 8.x to avoid errors similar to:
bash: error importing function definition for `pathprepend' bash: pathremove: line 1: syntax error: unexpected end of file bash: error importing function definition for `pathremove' bash: pathappend: line 1: syntax error: unexpected end of file the below errors
Repeat steps 1 – 2 on all nodes in the vRealize Operations cluster.
If it doesn’t help, you can reset to the previous default certificate. Just run the following commands to reload the default certificate:
unset -f pathprepend unset -f pathremove unset -f pathappend $VMWARE_PYTHON_BIN /usr/lib/vmware-casa/bin/activate_web_certificate.py CUSTOM $VMWARE_PYTHON_BIN /usr/lib/vmware-vcopssuite/utilities/bin/restartHttpd.py
Sometimes is difficult to create a custom certificate PEM file that is compatible with vRealize Operations because the certificate file format requirements are very specific.
In order to check, validate or even fix your custom certificate you can use the custom certificate tool (vropsCertificateTool.py) located here /usr/lib/vmware-casa/bin/.
First, navigate to /storage/vcops/user/conf/ssl and list your files:
cd /storage/vcops/user/conf/ssl
ls
now validate the input files (certificate, key, and chain) with the following command:
$VMWARE_PYTHON_BIN /usr/lib/vmware-casa/bin/vropsCertificateTool.py --infile web_cert.pem --infile web_key.pem --infile web_chain.pem
or to validate the complete certificate try the following command:
$VMWARE_PYTHON_BIN /usr/lib/vmware-casa/bin/vropsCertificateTool.py --infile uploaded_cert.pem
With the vropsCertificateTool.py you can also do the following:
- assemble a multiple-part PEM file from separate parts:
$VMWARE_PYTHON_BIN vropsCertificateTool.py -i CustomChain.pem -i CustomCert.pem -i CustomKey.pem --fix --outfile uploaded_cert.pem
- Repair a multiple-part PEM file:
$VMWARE_PYTHON_BIN vropsCertificateTool.py --infile broken.pem --fix --outfile fixed.pem
- Add a missing certificate to a multiple-part PEM file:
$VMWARE_PYTHON_BIN vropsCertificateTool.py --fix --infile partial.pem --infile ca.pem --outfile uploaded_cert.pem
- Discover what is in a PEM file:
$VMWARE_PYTHON_BIN vropsCertificateTool.py --describe --infile uploaded_cert.pem