After you replace the certificate of vRealize Log Insight in Region A, you update log forwarding from vRealize Log Insight in Region B to vRealize Log Insight in Region A.

Procedure

  1. Copy the certificate PEM file for vRealize Log Insight in Region A to the root directory of vrli-mstr-01.sfo01.rainpole.local.
    1. Use the scp command, FileZilla, or WinSCP to connect to vrli-mstr-01.sfo01.rainpole.local
    2. Log in using the following credentials.

      Setting

      Value

      user name

      root

      Password

      vrli_regionA_root_password

    3. Navigate to the \root directory on vrli-mstr-01.sfo01.rainpole.local.
    4. Copy the certificate PEM file vrli.sfo01.2.chain.pem on your computer to the \root directory on the master node. Overwrite any existing file with the same name.
  2. Import the root certificate in the Java keystore on each vRealize Log Insight node in Region B.
    1. Open an SSH session and go to the vRealize Log Insight node.

      Name

      Role

      vrli-mstr-51.lax01.rainpole.local

      Master node

      vrli-wrkr-51.lax01.rainpole.local

      Worker node 1

      vrli-wrkr-52.lax01.rainpole.local

      Worker node 2

    2. Log in using the following credentials.

      Name

      Role

      User name

      root

      Password

      vrli_regionB_root_password

    3. Using scp, remotely copy the the SSL certificate from the master node in Region A.
      scp root@vrli-mstr-01.sfo01.rainpole.local:/root/vrli.sfo01.2.chain.pem /root/vrli.sfo01.2.chain.pem
    4. When prompted to accept the certificate, type yes.
    5. When prompted for the root password, type the following

      Setting

      Value

      User name

      root

      Password

      vrli_regionA_root_password

    6. Convert the vrli.sfo01.2.chain.pem file into a vrli.sfo01.2.chain.crt file:
      openssl x509 -in /root/vrli.sfo01.2.chain.pem -inform PEM -out /root/vrli.sfo01.2.chain.crt 
    7. Import the vrli.sfo01.2.chain.crt in the Java keystore of the vRealize Log Insight node.
      cd /usr/java/default/lib/security/ 
      
      ../../bin/keytool -import -alias loginsight -file /root/vrli.sfo01.2.chain.crt -keystore cacerts
    8. When prompted for a keystore password, type changeit.
    9. When prompted to accept the certificate, type yes.
    10. Repeat this operation on all vRealize Log Insight nodes and restart them.
  3. Log in to the vRealize Log Insight user interface.
    1. Open a Web browser and go to https://vrli-cluster-51.lax01.rainpole.local.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      admin

      Password

      vrli_admin_password

  4. In the vRealize Log Insight user interface, click the configuration drop-down menu icon  and select Administration.
  5. Under Management, click Event Forwarding.
  6. On the Event Forwarding page, select LAX01 to SFO01 and click the Edit icon.
  7. In the Edit Destination dialog box, click Test to verify that the connection settings are correct.
  8. Click Save to save the forwarding new destination.