Highlighted
Enthusiast
Enthusiast

vCloud Usage Meter v4.2 Certificate Replacement

Jump to solution

Hi,

Does anyone have the up to date instructions on how to replace certificates on vCloud Usage Meter v4.2 ?

I need to swap the self-signed cert for an enterprise CA signed one.

KB 2047572 has not yet been updated to cover v4.2 - VMware Knowledge Base

A start would be the latest keystore password; as silverpen no longer works.

Many Thanks in advance.

M

1 Solution

Accepted Solutions
Highlighted
VMware Employee
VMware Employee

Usage Meter 4.2 manages certificates completely differently than Usage Meter 3.6, so the old Knowledge Base article is not going to be updated. Instead, see this new article written specifically for 4.2: VMware Knowledge Base

Note that you will need to repeat these steps in the future when you upgrade from 4.2 to a new version of Usage Meter.

View solution in original post

4 Replies
Highlighted
VMware Employee
VMware Employee

Usage Meter 4.2 manages certificates completely differently than Usage Meter 3.6, so the old Knowledge Base article is not going to be updated. Instead, see this new article written specifically for 4.2: VMware Knowledge Base

Note that you will need to repeat these steps in the future when you upgrade from 4.2 to a new version of Usage Meter.

View solution in original post

Highlighted
Enthusiast
Enthusiast

Thank you davidflanagan​.

I had looked for a new KB specific to v4.x, but did not find it. 🙂

There is a subtle difference in the current Google search returns, depending on whether I include the word "vCloud" or not :smileyconfused:

A search for VMware vCloud Usage Meter 4.2 Certificate returns the old v2.x & v3. KB 2047572

pastedImage_1.png

Where as a search for VMware Usage Meter 4.2 Certificate returns the new v4.x KB 79939

pastedImage_2.png

The new KB steps worked perfectly!

Cheeky follow up question. If I want to import my Enterprise root & intermediate CA certificates, so that Usage Meter trusts my vCenter Server's / NSX-T Manager's certificate chains; can I simply import each CA certificate into /etc/ssl/certs as .pem files and run c_rehash?

Thank you so much for your help.

M

0 Kudos
Highlighted
VMware Employee
VMware Employee

That's unfortunate that Google makes it hard to find the current KB article...

As for your followup question: we don't support that. At the advice of our security engineers, Usage Meter uses a certificate pinning implementation rather than relying on a chain of trust. So even if you did install your root and intermediate certificates (they would have to be installed in Java's cacerts,jks keystore, not in the /etc/ssl/certs/ directory) we would still ask you to manually verify the certificate for every product you installed. Sorry for the inconvenience.

Highlighted
Enthusiast
Enthusiast

Thanks again davidflanagan

Perhaps VMware needs its own search engine - VMoogle 🙂

Ref: the root and intermediate CA certificate import; It was a just a thought and I really appreciate the explanation why it wouldn't work.

Cheers,

M

0 Kudos