To update the vSphere Replication Cloud Service host certificate, you generate a new one and import it to all connected Cassandra instances.

About this task

Note:

You cannot perform any replication management operations while you are performing the steps in the current procedure.

Procedure

  1. Run the following command on the vCloud Availability Installer Appliance to verify that you are replacing the correct vSphere Replication Cloud Service host certificate.
    # vcav hcs print-certificate --hcs-address=hcs-IP-address

    The following information is displayed.

    Issued By: 10.192.43.10
    Common Name: 10.192.43.10
    Fingerprint: 2A:65:4A:EC:63:BA:2F:36:EA:DF:CA:5E:A3:6F:46:98:D8:73:F4:C2
    Start Date: 2016-12-15 01:07:16
    End Date: 2021-12-14 01:07:16

    Write down the Fingerprint of the certificate. You need it to replace the certificate in the next step.

  2. Replace the vSphere Replication Cloud Service host certificate by running the following command.
    # vcav hcs replace-certificate --hcs-address=hcs-IP-address \
    --thumbprint=2A:65:4A:EC:63:BA:2F:36:EA:DF:CA:5E:A3:6F:46:98:D8:73:F4:C2

    The system displays an OK message.

  3. Verify that the replacement operation completed successfully by running the following command.
    # vcav hcs print-certificate --hcs-address=hcs-IP-address

    The system displays the following information.

    Issued By: 10.192.43.10
    Common Name: 10.192.43.10
    Fingerprint: E6:A8:5C:4E:B3:94:9E:D5:E8:30:25:A2:49:E6:21:8D:E7:22:6F:BA
    Start Date: 2016-12-15 12:55:12
    End Date: 2021-12-14 12:55:12

    The new Fingerprint value indicates that the certificate is successfully replaced. You can note down the new Fingerprint for future operations.

  4. Import the new vSphere Replication Cloud Service host certificate into all Cassandra hosts.

    Run the following command on every Cassandra host and for each vSphere Replication Cloud Service host.

    # vcav cassandra import-hcs-certificate --cassandra-address=$CASSANDRA_ADDRESS --hcs-address=$HCS01_ADDRESS

    If the command cannot find the Cassandra configuration file, you can specify the path to the file by adding the --cassandra-config-file=path-to-Cassandra-config-file.

  5. Reconfigure the vSphere Replication Cloud Service host by running the following command.

    Standard Command

    Command Using Registry

    # vcav hcs configure \
    --reconfigure
    --hcs-address=$HCS_ADDRESS \
    --amqp-password-file=~/.ssh/.amqp \
    --vcd-address=$VCD_ADDRESS \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd \
    --sso-user=$SSO_USER \
    --sso-password-file=~/.ssh/.sso \
    # vcav hcs configure \
    --reconfigure
    --hcs-address=hcs-IP-address \
    --amqp-password-file=~/.ssh/.amqp \
    --vcd=vcd-01-name

    The system displays an OK message.

  6. Run the following command to verify that the hcs service starts successfully.

    Standard Command

    Command Using Registry

    # vcav hcs wait-for-extension \
    --hcs-address=$HCS01_ADDRESS \
    --vcd-address=$VCD_ADDRESS \
    --vcd-user=$VCD_USER \
    --vcd-password-file=~/.ssh/.vcd \
    --sso-user=$SSO_USER \
    --sso-password-file=~/.ssh/.sso \
    # vcav hcs wait-for-extension \
    --hcs-address=hcs-IP-address \
    --vcd=vcd-01-name

    If the hcs service starts successfully, the system displays an ОК message.

    If the system returns an error, or there is no output in 5 minutes, check the /opt/VMware/logs/hms/hcs.log file for errors.