Using Custom Certificates in Usage Meter 4.x
As we get to move on with customers and service providers asking to implement to use a secure web browser access to Usage Meter .The old versions of UM has methods to replace the certificates.
Beginning from 3.6.1 versions there is no official or supported methods to use a custom certificates for Usage Meter and we are still allowed with default certificates.
Recently we are receiving request from customer using their own internal or custom signed certificates for Usage Meter 4.x versions. It still in the road map and i believe it will be taken care in the upcoming versions.
I have tested in my lab since the Usage Meter 4.x version uses ngnix web servers so i found a possibility to replace the certificates.
Note: Its official not supported and no supported documentation available at this moment and you have to repeat ever time you upgrade or patch the Usage Meter appliance make sure to take a snapshot or a valid backup before performing the steps
• Please take a snapshot of the Usage Meter Appliance
• Once you have the certificate and the key file generated from your CA
• Access the Usage Meter appliance via SSH using the root account
• Take a backup of the crt and key files from the location and copy the new crt and key files to
• ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt
• ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key
• Edit the configuration file
vi /opt/vmware/cloudusagemetering/conf/nginx.conf to match the crt and key location
Once the changes have been made make sure to give the usagemeter account full permissions to the directories crt,key,configuration files as shown below
chown -R usagemeter /opt/vmware/cloudusagemetering/conf/nginx.conf
chown -R usagemeter /etc/ssl/private/nginx-selfsigned.key
chown -R usagemeter /etc/ssl/certs/nginx-selfsigned.crt
Once the permission has been provided the usagemeter account should be able to access the file
using the account so login into the UM appliance via SSH using usagemeter account
chmod 777 /etc/ssl/certs/nginx-selfsigned.crt
chmod 777 /etc/ssl/private/nginx-selfsigned.key
chmod 777 /opt/vmware/cloudusagemetering/conf/nginx.conf
Finally reboot the appliance and verify the certificates on the https://IPaddress:8443 browser interface