top of page

How to renew vROps Expired Internal Cert

Issue keeps on loading with message “Data Retriever is not initialized yet. Please wait…

VMware KB Reference:


- Login your VMware Account

- Download below Cert ( File name .PAK )

Note: Select 8.2.0 for vRealize Operations 8.2 or later or select 8.0.0 for vRealize Operations 6.3 - 8.1.1 as the Version.


Note: The 6.3 - 8.1.1 file name indicates 8.0.0 but it will work for vRealize Operations 6.x and 7.x.


- This is the file “vRealize_Operations_Manager_Enterprise_Certificate_Renewal-8.0.0.15217416.pak

To Check Internal Cert if expired through command or Browser in UI:

- Login SSH ( root )

- Type Below Command to see the Internal Cert Expiration


/bin/grep -E --color=always -B1 'java.security.cert.CertPathValidatorException: validity check failed|java.security.cert.CertificateExpiredException' $ALIVE_BASE/user/log/*.log | /usr/bin/tail -20

- Login to vROPS UI in any Browser

- The below example I use Firefox

- Click the Lock icon > in Connection click the right arrow highlighted with color yellow

- Now you can see the Internal Cert Expiration

Steps to renew or replace the expired internal cert:

- Login to vRealize Operations Manager Administration as admin

- Bring Cluster to Offline


- Login to WINSCP

- Upload the Cert file .PAK to /tmp/ path

- Login to SSH ( root )

- Run below command to make the necessary directories

mkdir -p /data/db/pakRepoLocal/vRealize_Operations_Manager_Enterprise_Certificate_Renewal/extracted

- Run below command to unzip the vRealize Operations Certificate Renewal PAK file

unzip /tmp/vRealize_Operations_Manager_Enterprise_Certificate_Renewal-build.pak -d /data/db/pakRepoLocal/vRealize_Operations_Manager_Enterprise_Certificate_Renewal/extracted

- Run this command to generate new cert

$VMWARE_PYTHON_BIN /data/db/pakRepoLocal/vRealize_Operations_Manager_Enterprise_Certificate_Renewal/extracted/updateCoordinator.py EXPIRED

- Run below command to provide or apply permissions ( Just Copy and Paste )

chown admin:admin -R /storage/vcops/user/conf/ssl/ /storage/vcops/user/conf/ssl_bak/ /storage/db/casa/webapp/hsqldb/

chown -h root:root /storage/vcops/user/conf/ssl/web_cert.pem /storage/vcops/user/conf/ssl/web_chain.pem /storage/vcops/user/conf/ssl/web_key.pem

chmod guo+r -R /storage/vcops/user/conf/ssl/

chmod 444 /storage/vcops/user/conf/ssl/cacert.pem /storage/vcops/user/conf/ssl/slice_*_cert.pem

chmod 400 /storage/vcops/user/conf/ssl/cakey.pem /storage/vcops/user/conf/ssl/slice_*_cert.pfx /storage/vcops/user/conf/ssl/slice_*_key.pem

chmod 640 /storage/vcops/user/conf/ssl/tcserver.keystore

service vmware-casa restart

service vmware-vcops stop

sed -i 's/sliceonline\ \=\ true/sliceonline\ \=\ false/g' /usr/lib/vmware-vcopssuite/utilities/sliceConfiguration/data/roleState.properties

- Run below command to Stop, Start and Restart the Services by sequence

service vmware-casa stop

sed -i -e 's/\"onlineState\"\:\"GOING\_OFFLINE\"/\"onlineState\"\:\"OFFLINE\"/g' -e 's/\"online\_state\"\:\"GOING\_OFFLINE\"/\"online\_state\"\:\"OFFLINE\"/g' -e 's/\"onlineState\"\:\"GOING\_ONLINE\"/\"onlineState\"\:\"OFFLINE\"/g' -e 's/\"online\_state\"\:\"GOING\_ONLINE\"/\"online\_state\"\:\"OFFLINE\"/g' -e 's/\"onlineState\"\:\"ONLINE\"/\"onlineState\"\:\"OFFLINE\"/g' -e 's/\"online\_state\"\:\"ONLINE\"/\"online\_state\"\:\"OFFLINE\"/g' -e 's/\"onlineState\"\:\"FAILURE\"/\"onlineState\"\:\"OFFLINE\"/g' -e 's/\"online\_state\"\:\"FAILURE\"/\"online\_state\"\:\"OFFLINE\"/g' /data/db/casa/webapp/hsqldb/casa.db.script

service vmware-casa start

service vmware-vcops-web restart

/etc/init.d/apache2 restart

- Now login to the ADMIN console ( https://vROPS.vmware.local/admin )

- Bring Cluster to Online by click the blue button

- Now it’s going online. Wait to finish

- Once Completed you will see below screen That Nodes Running fine and Cluster is online

- Now loin to UI using your Domain Account or Local Account ( https://vROPS.vmware.local/ui )


- Now vROPS is up and running


Comments


bottom of page