You can replace your signed certificates when they expire.

About this task

For production environments, VMware strongly recommends that you replace the default certificate as soon as possible. The default TLS/SSL server certificate that is generated when you deploy a Unified Access Gateway appliance is not signed by a trusted Certificate Authority.

Prerequisites

  • New signed certificate and private key saved to a computer that you can access.

  • Convert the certificate to PEM-format files and convert the .pem to one-line format. See Convert Certificate Files to One-Line PEM Format.

Procedure

  1. In the administration console, click Select.
  2. In the Advanced Settings section, click the SSL Server Certificate Settings gearbox icon.
  3. Select a Certificate Type of PEM or PFX.
  4. If the Certificate Type is PEM:
    1. In the Private Key row, click Select and browse to the private key file.
    2. Click Open to upload the file.
    3. In the Certificate Chain row, click Select and browse to the certificate chain file.
    4. Click Open to upload the file.
  5. If the Certificate Type is PFX:
    1. In the Upload PFX row, click Select and browse to the PFX file.
    2. Click Open to upload the file.
    3. Enter the password of the PFX certificate.
    4. Enter the alias of the PFX certificate. The alias is used when multiple certificates are present in the certificate store.
  6. Click Save.

What to do next

If the CA that signed the certificate is not well known, configure clients to trust the root and intermediate certificates.
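
Added example, not part of the VMware documentation: a POSIX shell check to run on the PEM files from step 4 before uploading them, confirming that the private key matches the first certificate in the chain file and that this certificate is not close to expiry. It assumes the `openssl` CLI is installed, the private key is unencrypted, and the server (leaf) certificate comes first in the chain file; the function names and return codes are illustrative.

```shell
#!/bin/sh
# Added example (not VMware code): pre-upload check for a PEM private key
# and certificate chain file.
# Assumptions: unencrypted key; leaf certificate is first in the chain file.

# check_pair KEY_FILE CHAIN_FILE [MIN_DAYS]
# Returns: 0 = ok
#          1 = private key does not match the first certificate
#          2 = first certificate expires within MIN_DAYS (default 30)
#          3 = a file is missing, encrypted, or not valid PEM
check_pair() {
  cp_key=$1; cp_chain=$2; cp_days=${3:-30}
  # Public key derived from the private key (empty passphrase: never prompts).
  cp_kpub=$(openssl pkey -in "$cp_key" -passin pass: -pubout 2>/dev/null) || return 3
  # Public key embedded in the first certificate of the chain file.
  cp_cpub=$(openssl x509 -in "$cp_chain" -noout -pubkey 2>/dev/null) || return 3
  [ -n "$cp_kpub" ] || return 3
  [ "$cp_kpub" = "$cp_cpub" ] || return 1
  # -checkend exits non-zero if the certificate expires within N seconds.
  openssl x509 -in "$cp_chain" -noout -checkend $((cp_days * 86400)) \
    >/dev/null 2>&1 || return 2
  return 0
}

# chain_count CHAIN_FILE: number of certificates present in the chain file.
chain_count() {
  grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Report mode, only when called with arguments:
#   sh check_pem.sh private-key.pem chain.pem [min-days]
if [ "$#" -ge 2 ]; then
  rc=0; check_pair "$@" || rc=$?
  case $rc in
    0) echo "OK: key matches leaf certificate; $(chain_count "$2") certificate(s) in chain" ;;
    1) echo "FAIL: private key does not match the first certificate" ;;
    2) echo "FAIL: first certificate expires within ${3:-30} days" ;;
    *) echo "FAIL: could not read key or certificate" ;;
  esac
  openssl x509 -in "$2" -noout -subject -issuer -enddate 2>/dev/null
  exit "$rc"
fi
```

A chain count of 1 for a certificate issued by an intermediate CA means the intermediate is missing from the chain file.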