A self-signed certificate is installed when you install App Volumes Manager. You can replace the default self-signed certificate by modifying the Nginx configuration file.


The self-signed certificate is installed in the same location as the Nginx configuration file: C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf.


  • Obtain an SSL certificate from a trusted Certificate Authority (CA).

  • Download the CA-signed certificate that you obtained and the corresponding key to the machine where the App Volumes Manager is installed. Note down the location where the files are downloaded.
  • If you provide a passphrase while generating the private key during the Certificate Signing Request (CSR), note down the passphrase.

  • Verify that the common name on the CA-signed certificate is the same as the host name or the IP address of App Volumes Manager that you configured while installing the agent.

  • Verify that the SSL key and certificate are both in PEM (Base64 encoded) format.

  • Verify that the certificate and key are Nginx compliant.


  1. Log in as administrator to the machine where the App Volumes Manager is installed.
  2. Navigate to C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf and make a copy of the existing Nginx configuration file, nginx.conf.
  3. Open the Nginx configuration file.
  4. Edit the ssl_certificate and ssl_certificate_key variables in the Nginx configuration file to point to the path of the certificate and key files that you downloaded.
  5. (Optional) If you had provided a passphrase for the CA-signed certificate, enter the passphrase for your certificate in the Nginx configuration file.
  6. Save the configuration file.
  7. Restart the App Volumes Manager service.

Nginx Configuration File

In this example, the appvol_ca1_vmware.com.crt and appvol_ca1_vmware.com.key are the default self-signed certificates.

server {
			listen 3443;
			listen 443;
			listen [::]:443;

			ssl on;
			ssl_certificate	appvol_ca1_vmware.com.crt;
			ssl_certificate_key	appvol_ca1_vmware.com.key;
			ssl_session_cache	builtin:1000;
			ssl_session_timeout 5m;

			root ../public;

What to do next

You can download and add the CA-signed certificate to the trust store of the App Volumes agent directly.