You can replace your signed certificates when they expire or substitute the default certificates with CA-signed certificates.
By default, Unified Access Gateway uses a self-signed TLS/SSL server certificate. For production environments, VMware strongly recommends that you replace the default self-signed certificate with a trusted CA-signed certificate for your environment.
Note the following considerations when you upload a certificate:
- You can replace the default certificate with a PEM certificate for both the administrator and the user.
- When you upload a CA-signed certificate on the admin interface, the SSL connector on the admin interface is updated and restarted to ensure the uploaded certificate takes effect. If the connector fails to restart with the uploaded CA-signed certificate, a self-signed certificate is generated and applied on the admin interface and the user is notified that the previous attempt to upload a certificate was unsuccessful.
Note: With PowerShell deployment of Unified Access Gateway, the SSL server certificate can be specified, so it is not necessary to replace it manually.
Prerequisites
- New signed certificate and private key saved to a computer that you can access.
- Convert the certificate to PEM-format files and convert the .pem to one-line format. See Convert Certificate Files to One-Line PEM Format.
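Before uploading, you can confirm that the private key and certificate chain files belong together and that the certificate is not about to expire. The shell functions below are an added example, not part of the VMware documentation. They assume the openssl CLI is installed, that the leaf certificate comes first in the chain file, and that "one-line PEM" means each line break replaced by a literal `\n` (an assumption about the referenced conversion topic). All function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-upload checks for a PEM private key and certificate chain.
# Usage: uag_cert_preflight key.pem chain.pem   (file names are placeholders)

# Succeeds when the private key belongs to the first (leaf) certificate in the chain file.
key_matches_cert() {
    # openssl x509 reads only the first certificate in the file.
    kc_cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    # -passin pass: makes an encrypted key fail instead of prompting.
    kc_key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$kc_cert_pub" ] && [ "$kc_cert_pub" = "$kc_key_pub" ]
}

# Succeeds when the leaf certificate is still valid N days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Prints the file as a single line, each line break replaced by a literal \n
# (assumed meaning of "one-line PEM"; blank lines and carriage returns dropped).
pem_to_one_line() {
    awk 'NF { sub(/\r/, ""); printf "%s\\n", $0 }' "$1"
}

# Runs all checks; returns non-zero if any check fails.
uag_cert_preflight() {
    pf_rc=0
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: private key does not match the leaf certificate"; pf_rc=1; }
    cert_valid_for_days "$2" 30 ||
        { echo "FAIL: leaf certificate expires within 30 days"; pf_rc=1; }
    echo "certificates in chain file: $(grep -c -- '-----BEGIN CERTIFICATE-----' "$2")"
    return $pf_rc
}
```

A failed check here is cheaper to find than a connector that fails to restart and falls back to a self-signed certificate.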
Procedure
- In the administration console, click Select.
- In the Advanced Settings section, click the TLS Server Certificate Settings gearbox icon.
- Select either Admin Interface or Internet Interface to apply the certificate to that interface. You can also select both to apply the certificate to both interfaces.
- Select a Certificate Type of PEM or PFX.
- If the Certificate Type is PEM:
  - In the Private Key row, click Select and browse to the private key file.
  - Click Open to upload the file.
  - In the Certificate Chain row, click Select and browse to the certificate chain file.
  - Click Open to upload the file.
- If the Certificate Type is PFX:
  - In the Upload PFX row, click Select and browse to the pfx file.
  - Click Open to upload the file.
  - Enter the password of the PFX certificate.
  - Enter an alias for the PFX certificate.
    You can use the alias to distinguish when multiple certificates are present.
- Click Save.