VMware Aria

 View Only
  • 1.  custom-cert change problem on vRealize Network Insight UI platform.

    Posted Feb 20, 2017 02:27 PM

    Hi everybody,

    I need to put a custom SSL certificate on the VRNI UI platform appliance.

    I have followed the procedure and I can see the .crt and .key files with the custom-cert input.

    (cli) custom-cert list

    vrni.crt

    vrni.key

    But, it's like the both files are not there.

    (cli) custom-cert display

    No file with .crt extension found

    (cli) custom-cert apply

    Failed to find cert file

    The .key file is in RSA format and .crt in PKCS12.

    Is there another prerequisite ?

    Patrice



  • 2.  RE: custom-cert change problem on vRealize Network Insight UI platform.

    Broadcom Employee
    Posted Apr 26, 2017 08:20 AM

    Hi Patrice,

    Could you tell me what documentation you followed ?

    Could you also print me the first lines of your key file ? There was a known issue about the format of the key file which would make vRNI not to validate.

    Thank you !

    Regards,

    Kevin



  • 3.  RE: custom-cert change problem on vRealize Network Insight UI platform.

    Posted Apr 24, 2023 02:12 PM

    seems i have similar issue
    (cli) custom-cert apply
    Failed to find key file

    validation .. i used same KB - 2148128

    .key: ASCII text 

    .crt: PEM certificate



  • 4.  RE: custom-cert change problem on vRealize Network Insight UI platform.

    Posted Apr 24, 2023 03:21 PM

    Hello ,

    Some questions:

    1. Have you added the FQDN on the SAN and Common name?

    2. Is the certificate and key in Base64 encode?

    3. Does the certificate contain the full chain? Server -> IntermediateCA -> RootCA?

    Have you followed this procedure: https://kb.vmware.com/s/article/2148128?



  • 5.  RE: custom-cert change problem on vRealize Network Insight UI platform.

    Posted Jul 25, 2023 09:43 AM

    I was going to give up on this, tried official guide https://kb.vmware.com/s/article/2148128 and many other guides and still no joy, it still complained "Failed to find key file".

    Found another guide at https://harrythambi.com/posts/vrni/2022-08-14-replacing-certificates-for-vmware-vrealize-network-insight/ , it seems the difference is that there is a step to “fix” the headers in the key file, by running the following commands:

    sed -i 's/-----BEGIN PRIVATE KEY-----/-----BEGIN RSA PRIVATE KEY-----/g' vrni_key.key
    sed -i 's/-----END PRIVATE KEY-----/-----END RSA PRIVATE KEY-----/g' vrni_key.key

    Before that fix , when I tested the key file with "file vrni_key.key" it was showing "ASCII text", only after fixing headers it showed "PEM RSA private key".

    There seems to be a bug in certain versions of OpenSSL where the file type of an RSA Private key shows to be "ASCII text", funny thing is that even when you generate the key in VRNI 6.10.0.1680883302 it still has this bug and the headers need to be fixed for the key to be valid. 



  • 6.  RE: custom-cert change problem on vRealize Network Insight UI platform.

    Broadcom Employee
    Posted Dec 08, 2024 10:03 PM

    Thank you AlonOr, this worked for me