Recovering from expired certificates on vRo (vRealize orchestrator) - CLI method

So the other day the vRo certificates had expired. We tried to change them from the vco-control center, but after importing the certificates the vRo UI would simply sit there stating it was restarting in 2 min, and nothing happened.

To replace the certificates via CLI:

Grab the Keystore password

cat /var/lib/vco/keystore.password
Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu

Generate a CSR using keytool

keytool -certreq -alias dunes -keypass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu" -keystore "/etc/vco/app-server/security/jssecacerts" -file "/crt/new.csr" -storepass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu" -ext SAN=DNS:vip.domain.com,DNS:vro1.domain.com,DNS:vro2.domain.com

Grab /crt/new.csr and get it signed by the CA. Bring the signed certificate back onto the vRo node (here as /crt/casigned.crt) and then import it

keytool -importcert -alias dunes -keypass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu" -file "/crt/casigned.crt" -keystore "/etc/vco/app-server/security/jssecacerts" -storepass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu"

Restart Services

service vco-server restart && service vco-configurator restart

Now copy the signed certificate over to node2 and run the import command there (grab node2's keystore password from /var/lib/vco/keystore.password on that node)

keytool -importcert -alias dunes -keypass "AzW2gI1QJcNcRNzRX3TyrznhKlYNagKje45fTbSB" -file "/crt/casigned.crt" -keystore "/etc/vco/app-server/security/jssecacerts" -storepass "AzW2gI1QJcNcRNzRX3TyrznhKlYNagKje45fTbSB"

Restart services and you are done!!

service vco-server restart && service vco-configurator restart
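
After the import on each node it is worth confirming that alias dunes now holds a certificate that is still valid and carries every SAN requested in the CSR, since a CA template can silently drop names. The following is an added example, not part of the original post; the function name check_dunes_cert and the sample keytool output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `keytool -list -v` output
# on stdin and checks Certificate[1] (the leaf) only. Assumes English-locale dates.
# Usage: keytool -list -v -alias dunes -keystore /etc/vco/app-server/security/jssecacerts \
#   -storepass "$(cat /var/lib/vco/keystore.password)" |
#   check_dunes_cert "$(date +%Y%m%d)" vip.domain.com vro1.domain.com vro2.domain.com

# Constructed sample: a leaf certificate where the CA dropped vro2.domain.com.
SAMPLE_KEYTOOL_OUTPUT='Alias name: dunes
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=vip.domain.com
Issuer: CN=Example Issuing CA
Valid from: Tue Mar 05 10:00:00 UTC 2024 until: Thu Mar 05 10:00:00 UTC 2026
Extensions:
#1: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: vip.domain.com
  DNSName: vro1.domain.com
]
Certificate[2]:
Owner: CN=Example Issuing CA
Valid from: Mon Jan 01 00:00:00 UTC 2018 until: Sat Jan 01 00:00:00 UTC 2028'

check_dunes_cert() {
    today=$1; shift          # today as YYYYMMDD, remaining args are expected SANs
    report=$(awk -v today="$today" -v want="$*" '
        BEGIN { split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
                for (i = 1; i <= 12; i++) mon[m[i]] = i }
        /^Certificate\[2\]:/ { exit }     # stop before the CA certificates
        /^Valid from:/ && notafter == "" {
            for (i = 1; i <= NF; i++) if ($i == "until:")
                notafter = sprintf("%04d%02d%02d", $(i+6), mon[$(i+2)], $(i+3)) }
        $1 == "DNSName:" { have[tolower($2)] = 1 }
        END {
            if (notafter == "") print "no validity line found in Certificate[1]"
            else if ((notafter + 0) < (today + 0)) print "expired on " notafter
            n = split(want, w, " ")
            for (i = 1; i <= n; i++)
                if (!(tolower(w[i]) in have)) print "missing SAN " w[i]
        }')
    if [ -n "$report" ]; then
        printf '%s\n' "$report" >&2
        return 1
    fi
}
```

A non-zero return with a message on stderr means the certificate under alias dunes should be fixed before the services are restarted.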
