certificate of FQDN has expired when attempting to add a product into the usage meter, specifically when using Sectigo signed certificates.

When attempting to add a product to usage meter, the product migth fail to add if it has a certificate signed by sectigo

Cause: https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020

Resolution: Import root certificates to the appliance java keystone.

Steps:
* take a snapshot of the appliance
* ssh to usage meter appliance
* change user to root

su root


* create or import the root certificate to the appliance

curl https://crt.sh/?d=1199354 >  /home/usagemeter/root.crt

Note: if you have a different CA provider, replace the below with the path to download the root certificate or simply scp the certificate to the UM appliance.

import the certificates (run the command as it is if the root is placed in /home/usagemeter/root.crt

keytool -import -trustcacerts -file /home/usagemeter/root.crt -alias USERTRUST -keystore /usr/java/jre-vmware/lib/security/cacerts

Note: Default keystore password is

changeit

on successfull import, you should see

now, go ahead and add the product back in to usage meter:

Note: when adding vCD, Please ensure that you add the endpoint in the format https://FQDN, IE: https://vcd.ntitta.in

Troubleshooting (show fill certificate chain, check the validity of the last certificate. ):

openssl s_client -showcerts -connect vcsa.ntitta.lab:443