VMware Cloud Community
NXS_Devops
Contributor
Contributor

custom-cert change problem on vRealize Network Insight UI platform.

Hi everybody,

I need to put a custom SSL certificate on the VRNI UI platform appliance.

I have followed the procedure and I can see the .crt and .key files with the custom-cert input.

(cli) custom-cert list

vrni.crt

vrni.key

But, it's like the both files are not there.

(cli) custom-cert display

No file with .crt extension found

(cli) custom-cert apply

Failed to find cert file

The .key file is in RSA format and .crt in PKCS12.

Is there another prerequisite ?

Patrice

Reply
0 Kudos
4 Replies
trinhv
VMware Employee
VMware Employee

Hi Patrice,

Could you tell me what documentation you followed ?

Could you also print me the first lines of your key file ? There was a known issue about the format of the key file which would make vRNI not to validate.

Thank you !

Regards,

Kevin

Reply
0 Kudos
pottetiv
Contributor
Contributor

seems i have similar issue
(cli) custom-cert apply
Failed to find key file

validation .. i used same KB - 2148128

.key: ASCII text 

.crt: PEM certificate

Reply
0 Kudos
Lalegre
Virtuoso
Virtuoso

Hello @NXS_Devops,

Some questions:

1. Have you added the FQDN on the SAN and Common name?

2. Is the certificate and key in Base64 encode?

3. Does the certificate contain the full chain? Server -> IntermediateCA -> RootCA?

Have you followed this procedure: https://kb.vmware.com/s/article/2148128?

Tags (1)
Reply
0 Kudos
AlonOr
Contributor
Contributor

I was going to give up on this, tried official guide https://kb.vmware.com/s/article/2148128 and many other guides and still no joy, it still complained "Failed to find key file".

Found another guide at https://harrythambi.com/posts/vrni/2022-08-14-replacing-certificates-for-vmware-vrealize-network-ins... , it seems the difference is that there is a step to “fix” the headers in the key file, by running the following commands:

sed -i 's/-----BEGIN PRIVATE KEY-----/-----BEGIN RSA PRIVATE KEY-----/g' vrni_key.key
sed -i 's/-----END PRIVATE KEY-----/-----END RSA PRIVATE KEY-----/g' vrni_key.key

Before that fix , when I tested the key file with "file vrni_key.key" it was showing "ASCII text", only after fixing headers it showed "PEM RSA private key".

There seems to be a bug in certain versions of OpenSSL where the file type of an RSA Private key shows to be "ASCII text", funny thing is that even when you generate the key in VRNI 6.10.0.1680883302 it still has this bug and the headers need to be fixed for the key to be valid.