Update – 11/15/16 – vRealize Log Insight 4.0 – “Support for custom SSL certificates in the vCenter Server edition.” They added this to the GUI in 4.0 when using a vcenter key.
You have a .pfx file that contains the server private key, Server Certificate, Intermediate Certificate and Root Certificate that is password protected. How to obtain this file is not the scope of the post. There are many ways to obtain this file.
Use case – command line way to upload a cert from you internal Certificate Authority with the Root+Intermediate chained + the command line way to roll back to the out of the box self-signed cert.
This is NOT a workaround to break your EULA for the watered down version of Log Insight when used with a vCenter product key.
Make sure to take snapshot of the VM before doing this. (I prefer snapshots while powered off)
Download Win32 OpenSSL v1.1.0b Light
Move your log.lab.com.pfx into C:OpenSSL-Win32bin>
Open a command prompt as admin in C:OpenSSL-Win32bin> and run:
openssl.exe pkcs12 -in log.lab.com.pfx -out log.lab.com.pem -nodes
The goal is to remove all of the human readable text between
—–BEGIN CERTIFICATE—–
—–END CERTIFICATE—–
In my case, delete lines:
1-6
35-38
72-74
96-98
Save the .pem file.
Have each of the 4 “chucks” in the .pem file have to be in the following order:
Server Private Key
Server Certificate
Intermediate Certificate
Root Certificate
You can copy each of the
—–BEGIN CERTIFICATE—–
—–END CERTIFICATE—–
into 3 new files ending with .cer and open the file in windows to validate.
Ex. lines 29-61
WinSCP the pem file to /tmp/
SSH into the VM. Run the following command replaceing log.lab.com.pem with the name of your .pem file.
/opt/vmware/bin/./li-ssl-cert.sh –upload /tmp/log.lab.com.pem –force
Wait 2 mins and open the url in a new tab.
Revert back to the out of the box self-signed cert.
/opt/vmware/bin/./li-ssl-cert.sh –restore –force
Emergency rollback. Shut down and revert to your snapshot.
