vRealize Log Insight Internal Certificate Expiration and Vulnerabilities

A lot of vRLI customers, including me, were caught off guard in recent weeks that a certificate is expiring on April 30th. I figured taking care of this shouldn’t be a big hassle, but I was wrong. VMware provided a long list of instructions for applying a workaround, which are linked below. Seemed like a lot of trouble for an internal certificate.



I figured VMware wouldn’t leave us all hanging and I decided to wait to see if a patch would be released before the end of the month. I am glad I did because patch 8.12 was released on the 20th. Applying the patch resolves all of the vulnerabilities (CVE-2023-20864, CVE-2023-20865) and the upcoming expiration of the certificate. I upgraded from 8.10.2 and had no issues with the upgrade. Very fast and straightforward with taking a powered off snapshot and applying the update through the web UI. Check out the link below for the VMware KB on this update.


The patch also provides more. vRLI is now VMware Aria Operations for Logs within the product. Will everyone call it vAOL? I figured the name change will happen sometime soon, but I didn’t think it would on a small patch. There are also a few other updates. Check out the link below for the release notes.