Friday, February 27, 2015

Chargeback Certificate expired

 One of the most common settings I’ve seen on vCenter Chargeback Manager implementation is the utilization of the self signed certification.
I might be due to the certification process being so easy and simple or may be because it’s targeted to internal users that they just don’t bother replacing it for a valid certification.

One of the characteristics of Chargeback self signed certification is it’s duration. By default it’s valid for only 60 days. Meaning that you need to replace it every other month or you start having connection problems, like me : (

My scheduled reports were failing on vRealize Orchestrator with error: Cannot execute query: CertificateExpiredException
To put an end on certificate replaced nightmare, I decided to increase the duration period.
The nice tool that generates and replaces Chargeback’s self signed certification is just a simple script located at: C:\Program Files (x86)\VMware\VMware vCenter Chargeback\Apache2.2\bin

The script is called Generate_Ssl_Certificate

 Edit it and find the following line:

Replace the –days 60 to –days (whatever you want)

echo "Generating a Self-Signed Certificate"...
openssl.exe x509 -req -days 60 -in default.csr -signkey default.key -out default.cert
if not %ERRORLEVEL%==0 goto :error

I made mine yearly

echo "Generating a Self-Signed Certificate"...
openssl.exe x509 -req -days 365 -in default.csr -signkey default.key -out default.cert
if not %ERRORLEVEL%==0 goto :error

Now you just need to regenerate it as usual.
Run Generate SSL Certificate

And follow the steps on the screen

How long do you make your certification validation ???

No comments:

Post a Comment

Who am I

My photo
I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers to embrace the Cloud Era and make them successfully on their journey. Despite the fact I'm a VMware employee these postings reflect my own opinion and do not represents VMware's position, strategies or opinions. Reach me at @dumeirell

Most Viewed Posts

Blog Archive