Replace the Certificate to vRealize Log Insight in Region B

After you generate the PEM certificate chain file that contains the own certificate, the signer certificate and the private key file, upload the certificate chain to vRealize Log Insight in Region B.

Procedure

1. Log in to the vRealize Log Insight user interface.

   1. Open a Web browser and go to https://vrli-cluster-51.lax01.rainpole.local.
   2. Log in using the following credentials. |Setting|Value| |:------|:----| |User name|admin| |Password|vrli_admin_password|

2. In the vRealize Log Insight UI, click the configuration drop-down menu icon and select Administration.

3. Under Configuration, click SSL.

4. On the SSL Configuration page, next to New Certificate File (PEM format) click Choose File, browse to the location of the vrli.lax01.2.chain.pem file on your computer, and click Save.

   |Certificate Generation Option|Certificate File| |:----------------------------|:---------------| |Using the CertGenVVD tool|vrli.lax01.2.chain.pem| |Manual Generation|vrli-lax01.chain.pem|

   The certificate is uploaded to vRealize Log Insight.

5. Import the certificate into the Java Keystore on each vRealize Log Insight node.

   1. Open an SSH session and go each of the vRealize Log Insight nodes. |Name|Role| |:---|:---| |vrli-mstr-51.lax01.rainpole.local|Master node| |vrli-wrkr-51.lax01.rainpole.local|Worker node 1| |vrli-wrkr-52.lax01.rainpole.local|Worker node 2|

   2. Log in using the following credentials. |Setting|Value| |:------|:----| |Username|root| |Password|vrli_root_password|

   3. Convert the on-disk vrli.sfo01.2.chain.pem file into a vrli.lax01.2.chain.crt file.

      {.pre .codeblock} openssl x509 -in /root/vrli.lax01.2.chain.pem -inform PEM -out /root/vrli.lax01.2.chain.crt

   4. Import the vrli.sfo01.2.chain.crt into the Java Keystore:

      {.pre .codeblock} cd /usr/java/default/lib/security/ ../../bin/keytool -import -alias loginsight -file /root/vrli.lax01.2.chain.crt -keystore cacerts

   5. When prompted for a keystore password, type changeit.

   6. When prompted to accept the certificate, type yes.
   7. Repeat this operation on all vRealize Log Insight nodes until complete.

6. In a Web browser, go to https://vrli-cluster-51.lax01.rainpole.local.

   A warning message that the connection is not trusted appears.

7. To review the certificate, click the padlock icon in the address bar of the browser, and verify that the Subject Alternative Name contains the names of the vRealize Log Insight cluster nodes.

8. Import the certificate in your Web browser.

   For example, in Google Chrome under the HTTPS/TLS settings click the Manage certificates button, and in the Certificates dialog box import vrli.lax01.2.chain.pem.

   You can also use Certificate Manager on Windows or Keychain Access on MAC OS X.

Parent topic: Replace Certificates of the Operations Management Components in Region B