certificate of FQDN has expired when attempting to add a product into the usage meter, specifically when using Sectigo signed certificates.

Posted on by Nithin Titta

When attempting to add a product to usage meter, the product migth fail to add if it has a certificate signed by sectigo

Cause: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

Resolution: Import root certificates to the appliance java keystone.

Steps:
* take a snapshot of the appliance
* ssh to usage meter appliance
* change user to root 

su root


* create or import the root certificate to the appliance 

curl https://crt.sh/?d=1199354 >  /home/usagemeter/root.crt

Note: if you have a different CA provider, replace the below with the path to download the root certificate or simply scp the certificate to the UM appliance.

import the certificates (run the command as it is if the root is placed in /home/usagemeter/root.crt

keytool -import -trustcacerts -file /home/usagemeter/root.crt -alias USERTRUST -keystore /usr/java/jre-vmware/lib/security/cacerts

Note: Default keystore password is 

changeit

on successfull import, you should see

now, go ahead and add the product back in to usage meter:

Note: when adding vCD, Please ensure that you add the endpoint in the format https://FQDN, IE: https://vcd.ntitta.in

Troubleshooting (show fill certificate chain, check the validity of the last certificate. ): 

openssl s_client -showcerts -connect vcsa.ntitta.lab:443

Photon Os, .local domains do not resolve

Posted on by Nithin Titta

VMware appliance running on photon os has mdns setup, basically due to this, certain domain extensions like .local will not be forwarded to the DNS servers for DNS resolution.

Detailed information on these top-level domains can be found here: https://en.wikipedia.org/wiki/Multicast_DNS

Should your setup have .local domains then you must edit /etc/systemd/resolved.conf and add your domain field there: