A self-signed certificate is installed when you install App Volumes Manager. You can replace the default self-signed certificate with either a custom self-signed certificate or a CA-signed certificate. To replace the default, self-signed certificate, you must modify the Nginx configuration file.

Note: The self-signed certificate is installed in the same location as the Nginx configuration file: C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf.

Prerequisites

To replace the default, self-signed certificate, you must already have a custom self-signed certificate (Generate a Custom Self-Signed Certificate) or a CA-signed certificate (Obtain a CA-Signed Certificate Using a CSR).

Ensure that you are aware of the following considerations when replacing the default certificate with either a custom self-signed or a CA-signed certificate:
  • If you provide a passphrase while generating the private key, note down the passphrase.
  • Verify that the common name is the same as the host name or the IP address of App Volumes Manager that you configured while installing the agent.
  • Verify that the SSL key and certificate are both in PEM (Base64 encoded) format.
  • Verify that the certificate and key are Nginx compliant.
Ensure that you are aware of the following additional considerations when replacing the default certificate with a CA-signed certificate:
  • Obtain an SSL certificate from a trusted Certificate Authority (CA).
  • Download the CA-signed certificate that you obtained and the corresponding key to the machine where App Volumes Manager is installed.

Procedure

  1. Log in as administrator to the machine where App Volumes Manager is installed.
  2. Navigate to C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf and make a copy of the existing Nginx configuration file, nginx.conf.
  3. Open nginx.conf.
  4. Edit the ssl_certificate and ssl_certificate_key variables in the Nginx configuration file to point to the path of the certificate and key files that you downloaded.
  5. (Optional) If you provided a passphrase for the CA-signed certificate, enter the passphrase for your certificate in the Nginx configuration file.
  6. Save the configuration file.
  7. Restart the App Volumes Manager service.
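
A pre-restart check for steps 4 and 5, added here as an example and not part of the App Volumes documentation or product: it reads ssl_certificate and ssl_certificate_key from nginx.conf, confirms that both files are PEM, flags an encrypted key when no passphrase is supplied, and asks OpenSSL (through Python's ssl module) whether the key belongs to the certificate. The function names are illustrative, Python 3 is assumed to be available where the files can be read, and resolving bare file names against the conf directory is an assumption based on the note that the certificate sits beside nginx.conf.

```python
import re
import ssl
from pathlib import Path

# The two directive names are the ones the procedure edits; all function names are illustrative.
DIRECTIVE = re.compile(r"^\s*(ssl_certificate|ssl_certificate_key)\s+([^;]+);", re.M)

def tls_paths(conf_text, conf_dir):
    """Map each directive to a path; bare file names resolve against conf_dir (assumption)."""
    found = {}
    for name, value in DIRECTIVE.findall(conf_text):
        p = Path(value.strip().strip('"'))
        found[name] = p if p.is_absolute() else Path(conf_dir) / p
    return found

def pem_kind(text):
    """Classify by PEM header: 'certificate', 'key', 'encrypted-key', 'other', or None."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----", text)
    if not m:
        return None  # not PEM at all, for example a DER or PFX file
    if m.group(1) == "CERTIFICATE":
        return "certificate"
    if m.group(1).endswith("PRIVATE KEY"):
        encrypted = "ENCRYPTED" in m.group(1) or "Proc-Type: 4,ENCRYPTED" in text
        return "encrypted-key" if encrypted else "key"
    return "other"

def preflight(conf_path, passphrase=None):
    """Return a list of problems; an empty list means the pair loads cleanly."""
    conf_path = Path(conf_path)
    paths = tls_paths(conf_path.read_text(), conf_path.parent)
    cert, key = paths.get("ssl_certificate"), paths.get("ssl_certificate_key")
    problems = [f"missing directive or file: {p}" for p in (cert, key)
                if p is None or not p.is_file()]
    if problems:
        return problems
    key_kind = pem_kind(key.read_text(errors="replace"))
    if pem_kind(cert.read_text(errors="replace")) != "certificate":
        problems.append("ssl_certificate is not a PEM certificate")
    if key_kind not in ("key", "encrypted-key"):
        problems.append("ssl_certificate_key is not a PEM private key")
    elif key_kind == "encrypted-key" and not passphrase:
        problems.append("private key is encrypted: the passphrase is required")
    if problems:
        return problems
    try:  # OpenSSL refuses a key that does not belong to the certificate
        ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).load_cert_chain(str(cert), str(key), password=passphrase)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        problems.append(f"certificate and key do not load as a pair: {exc}")
    return problems
```

Run preflight on the edited nginx.conf before restarting the App Volumes Manager service; an empty list means the certificate and key loaded together.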

Example: Nginx Configuration File

In this example, appvol_ca1_vmware.com.crt and appvol_ca1_vmware.com.key are the default self-signed certificate and key files.

server {
    server_name 0.0.0.0;
    listen 3443;
    listen 443;
    listen [::]:443;

    ssl on;
    ssl_certificate     appvol_ca1_vmware.com.crt;
    ssl_certificate_key appvol_ca1_vmware.com.key;
    ssl_session_cache   builtin:1000;
    ssl_session_timeout 5m;

    root ../public;

What to do next

You can download and add the CA-signed certificate to the trust store of the App Volumes agent directly.