One of the
most common settings I’ve seen on vCenter Chargeback Manager implementation is
the utilization of the self signed certification.
I might be
due to the certification process being so easy and simple or may be because
it’s targeted to internal users that they just don’t bother replacing it for a
valid certification.
One of the
characteristics of Chargeback self signed certification is it’s duration. By
default it’s valid for only 60 days. Meaning that you need to replace it every
other month or you start having connection problems, like me : (
My
scheduled reports were failing on vRealize Orchestrator with error: Cannot execute query:
CertificateExpiredException
To put an end on
certificate replaced nightmare, I decided to increase the duration period.
The nice
tool that generates and replaces Chargeback’s self signed certification is just
a simple script located at: C:\Program
Files (x86)\VMware\VMware vCenter Chargeback\Apache2.2\bin
The script
is called Generate_Ssl_Certificate
Edit it and
find the following line:
Replace the
–days 60 to –days (whatever you want)
:generatePublicKeyAndCopy
echo
"Generating a Self-Signed Certificate"...
openssl.exe
x509 -req -days 60 -in default.csr -signkey
default.key -out default.cert
if not
%ERRORLEVEL%==0 goto :error
I made mine
yearly
:generatePublicKeyAndCopy
echo
"Generating a Self-Signed Certificate"...
openssl.exe
x509 -req -days 365 -in default.csr -signkey
default.key -out default.cert
if not
%ERRORLEVEL%==0 goto :error
Now you
just need to regenerate it as usual.
Run
Generate SSL Certificate
And follow
the steps on the screen
How long do
you make your certification validation ???