When you deploy a VLA, the appliance contains a single vNIC to which you apply a single IP address and, ideally, FQDN (as part of the deployment). On first boot, the VLA creates a self-signed certificate using the FQDN (or IP address if no FQDN is present).
After deployment, you or other administrators may configure one or more additional vNIC(s) on the appliance, for example for network isolation or multi-homing. For traffic through these additional vNIC(s) to be secure, the VLA needs a change to its certificate configuration. You can either:
- Create and deploy a wildcard certificate that works for all the FQDNs associated with the appliance's vNICs
- Create and deploy one additional certificate for each of the additional FQDNs associated with the additional vNIC(s)
Note: Further discussion of creating and deploying certificates is beyond the scope of this document.
# vla_cert -c -i <service-name> -f --cn <Alternative_FQDN>
# vla_cert_manager --sync
For example:
# vla_cert -c -i vla-server -f --cn vla-managed.example.com
# vla_cert_manager --sync
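When choosing between the wildcard option and the per-FQDN option above, it helps to check which vNIC FQDNs a given wildcard name actually covers. The following is an added example, not part of the product documentation or tooling: it assumes the standard TLS matching rule that "*" stands for exactly one left-most label, and every hostname other than vla-managed.example.com is constructed for illustration.

```shell
#!/bin/sh
# Added example: helper names (covers, uncovered) are hypothetical.

# covers CERT_NAME FQDN -> exit 0 if a certificate name CERT_NAME matches FQDN
covers() {
    cert_name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    fqdn=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    fqdn=${fqdn%.}                          # ignore a trailing root dot
    case $cert_name in
        \*.*)
            suffix=${cert_name#\*}          # "*.example.com" -> ".example.com"
            case $fqdn in
                *"$suffix") label=${fqdn%"$suffix"} ;;
                *) return 1 ;;
            esac
            # The wildcard must stand for one non-empty label without dots.
            case $label in
                ''|*.*) return 1 ;;
                *) return 0 ;;
            esac
            ;;
        *) [ "$cert_name" = "$fqdn" ] ;;    # non-wildcard: exact match only
    esac
}

# uncovered CERT_NAME FQDN... -> prints the FQDNs that need their own certificate
uncovered() {
    wild=$1
    shift
    for name in "$@"; do
        covers "$wild" "$name" || printf '%s\n' "$name"
    done
}

# Constructed vNIC FQDNs: the last one sits one label deeper, so the
# wildcard does not cover it and it is the only name printed.
uncovered '*.example.com' \
    vla.example.com vla-managed.example.com vla.backup.example.com
```

Any name printed by `uncovered` needs either its own certificate or a wildcard issued for its own parent domain.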