Hi,
Does anyone have the up to date instructions on how to replace certificates on vCloud Usage Meter v4.2 ?
I need to swap the self-signed cert for an enterprise CA signed one.
KB 2047572 has not yet been updated to cover v4.2 - VMware Knowledge Base
A start would be the latest keystore password; as silverpen no longer works.
Many Thanks in advance.
M
Usage Meter 4.2 manages certificates completely differently than Usage Meter 3.6, so the old Knowledge Base article is not going to be updated. Instead, see this new article written specifically for 4.2: VMware Knowledge Base
Note that you will need to repeat these steps in the future when you upgrade from 4.2 to a new version of Usage Meter.
Usage Meter 4.2 manages certificates completely differently than Usage Meter 3.6, so the old Knowledge Base article is not going to be updated. Instead, see this new article written specifically for 4.2: VMware Knowledge Base
Note that you will need to repeat these steps in the future when you upgrade from 4.2 to a new version of Usage Meter.
Thank you davidflanagan.
I had looked for a new KB specific to v4.x, but did not find it. 🙂
There is a subtle difference in the current Google search returns, depending on whether I include the word "vCloud" or not :smileyconfused:
A search for VMware vCloud Usage Meter 4.2 Certificate returns the old v2.x & v3. KB 2047572
Where as a search for VMware Usage Meter 4.2 Certificate returns the new v4.x KB 79939
The new KB steps worked perfectly!
Cheeky follow up question. If I want to import my Enterprise root & intermediate CA certificates, so that Usage Meter trusts my vCenter Server's / NSX-T Manager's certificate chains; can I simply import each CA certificate into /etc/ssl/certs as .pem files and run c_rehash?
Thank you so much for your help.
M
That's unfortunate that Google makes it hard to find the current KB article...
As for your followup question: we don't support that. At the advice of our security engineers, Usage Meter uses a certificate pinning implementation rather than relying on a chain of trust. So even if you did install your root and intermediate certificates (they would have to be installed in Java's cacerts,jks keystore, not in the /etc/ssl/certs/ directory) we would still ask you to manually verify the certificate for every product you installed. Sorry for the inconvenience.
Thanks again davidflanagan
Perhaps VMware needs its own search engine - VMoogle 🙂
Ref: the root and intermediate CA certificate import; It was a just a thought and I really appreciate the explanation why it wouldn't work.
Cheers,
M