Just Another IT Blog

It's time to share some of my experiences, crazy ideas, tips and tricks !!!

Post Page Advertisement [Top]

 One of the most common settings I’ve seen on vCenter Chargeback Manager implementation is the utilization of the self signed certification.
I might be due to the certification process being so easy and simple or may be because it’s targeted to internal users that they just don’t bother replacing it for a valid certification.

One of the characteristics of Chargeback self signed certification is it’s duration. By default it’s valid for only 60 days. Meaning that you need to replace it every other month or you start having connection problems, like me : (

My scheduled reports were failing on vRealize Orchestrator with error: Cannot execute query: CertificateExpiredException
To put an end on certificate replaced nightmare, I decided to increase the duration period.
The nice tool that generates and replaces Chargeback’s self signed certification is just a simple script located at: C:\Program Files (x86)\VMware\VMware vCenter Chargeback\Apache2.2\bin

The script is called Generate_Ssl_Certificate

 Edit it and find the following line:

Replace the –days 60 to –days (whatever you want)

echo "Generating a Self-Signed Certificate"...
openssl.exe x509 -req -days 60 -in default.csr -signkey default.key -out default.cert
if not %ERRORLEVEL%==0 goto :error

I made mine yearly

echo "Generating a Self-Signed Certificate"...
openssl.exe x509 -req -days 365 -in default.csr -signkey default.key -out default.cert
if not %ERRORLEVEL%==0 goto :error

Now you just need to regenerate it as usual.
Run Generate SSL Certificate

And follow the steps on the screen

How long do you make your certification validation ???

Bottom Ad [Post Page]