Thursday, November 7, 2019

The vRealize Operations SSL Certificate Expiration Issue


[UPDATE #2 Nov. 18 2019] The KB is available again. Please subscribe to the KB for updates regarding the available .pak files, and engage VMware GSS if you have further questions/concerns.

[UPDATE #1 Nov. 18 2019] The linked KB article below has been pulled from public consumption due to an issue found in the mentioned .pak file. I will update this post as soon as the KB is re-published, or a new article is posted.

The VMware Product team has been notifying customers about an issue that could potentially impact your vROPs instance, causing the tool to become inoperable. See the notice and summary below. The key take away here is the initial install date. Please reference VMware KB 71018 for more information and steps to remediate.

The notice states, "Customers that have installed vRealize Operations v6.x and above may be impacted by the internal SSL Gemfire certificate expiration on November 19, 2019. The internal certificates for vRealize Operations Manager are set to expire five years after its initial installation. For example, if vRealize Operations 6.0.0 was installed on November 19, 2014, and incrementally upgraded to later versions, the internal SSL certificate will expire on November 19, 2019.

There is a required PAK file update that has been released for customers running vRealize Operations v6.x and above that renews the certificate to prevent it from going into system inoperability."

To summarize:
  • All vROPs instance 6.0 and newer are impacted
  • There is no fix for versions 6.0 - 6.2. You must upgrade to 6.3 or higher.
  • The internal Gemfire SSL cert expires 5 years after the initial install of vROPs. The first of these will start happening November 19th. 
  • When the cert expires, you cannot view any data, though collections will continue to run.
  • Upgrades to vROPs have no impact on the cert, so the initial expiration date will still apply, even if you've upgraded vROPs several times since installation.
Share: