Update VxRail Manager TLS Certificate
The VxRail Manager VM uses its own SSL certificate, which will eventually expire. As expiry approaches, an alarm is shown in vCenter: VXR028008 ALARM SSL certificate is within 30 days of expiring. The alarm references KB 00194212. However, this KB article only tells you to replace the certificate.
To update the certificate manually, click on Update Certificate and follow the wizard.
There are some caveats when using this wizard:
– The private key file must be an RSA private key. When you create the CSR with OpenSSL:
openssl req -out certificate.csr -newkey rsa:2048 -nodes -keyout certificate.key -config request.cnf
you can convert the key with this command:
openssl rsa -in certificate.key -out certificate-rsa.key -traditional
Use the content of the file certificate-rsa.key in the box Private Key File Content. The Certificate Chain Content must have the root certificate on top and then the intermediate certificates if they are used.
Finally, you enter a password and valid vCenter credentials and click on update.
When I did this, I got an error message: Error: Something went wrong with the VxRail Manager server that responded 500 unexpectedly. Check and try again later.
The reason for this error was that vCenter still had the old certificate thumbprint. Open the Summary page for the cluster and scroll to the Custom Attributes.
Click on Edit and change the thumbprint to the thumbprint of the new certificate.
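The checks below are an added example, not part of the original post: they confirm the key is in traditional RSA form and matches the certificate, that the chain starts with a self-signed root, and they print the new certificate's fingerprints for the custom attribute. The function names, file names and the throwaway self-signed certificate are constructed for illustration, and printing both SHA-1 and SHA-256 is an assumption because the post does not say which hash the attribute stores.

```shell
# Report the PEM container of a private key from its BEGIN line.
key_format() {
  case "$(grep -m1 -e '-----BEGIN' "$1")" in
    '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1-rsa ;;  # form the wizard accepts
    '-----BEGIN PRIVATE KEY-----')           echo pkcs8 ;;      # what "openssl req -keyout" writes
    '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo encrypted ;;
    *)                                       echo unknown ;;
  esac
}

# Convert to traditional RSA. OpenSSL 3.x needs -traditional; older releases
# that lack the flag already write this format by default, hence the fallback.
to_traditional() {
  openssl rsa -in "$1" -out "$2" -traditional 2>/dev/null ||
    openssl rsa -in "$1" -out "$2" 2>/dev/null
}

# True when the key and the certificate carry the same public key.
key_matches_cert() {
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the first certificate in a PEM bundle has subject equal to issuer (root on top).
root_on_top() {
  openssl crl2pkcs7 -nocrl -certfile "$1" | openssl pkcs7 -print_certs -noout |
    awk '/^subject=/{s=substr($0,9)} /^issuer=/{ok=(s!="" && s==substr($0,8)); exit} END{exit !ok}'
}

# Assumption: the post does not name the attribute's hash, so print SHA-1 and SHA-256.
thumbprints() {
  openssl x509 -in "$1" -noout -fingerprint -sha1
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Demo on a constructed throwaway self-signed certificate (not a real VxRail certificate).
demo() {
  d=$(mktemp -d)
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/certificate.key" \
    -out "$d/root.pem" -subj "/CN=constructed-root" -days 1 2>/dev/null
  to_traditional "$d/certificate.key" "$d/certificate-rsa.key"
  echo "$(key_format "$d/certificate.key") -> $(key_format "$d/certificate-rsa.key")"
  key_matches_cert "$d/certificate-rsa.key" "$d/root.pem" && echo "key matches certificate"
  root_on_top "$d/root.pem" && echo "root on top"
  thumbprints "$d/root.pem"
  rm -rf "$d"
}
demo
```

Compare the printed fingerprints with the format of the value currently stored in the custom attribute to decide which one to paste.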