To replace the default self-signed certificate that is installed with App Volumes Manager, you can use a custom self-signed certificate. To generate a custom self-signed certificate, you must first create a configuration file and then use this file to generate the key and certificate.
Alternatively, you can obtain a CA-signed certificate and use it to replace the default self-signed certificate. For more information, see Obtain a CA-Signed Certificate Using a CSR.
Procedure
- Create and name a text file as <config_file_name>.cfg.
- Make note of the file location.
You need this file when generating the custom self-signed certificate.
- Open the <config_file_name>.cfg configuration file in a text application and add the following settings:
Note:
- You can add custom values to these settings; however, ensure that you use only digitalSignature, keyEncipherment, dataEncipherment for the keyUsage setting and serverAuth, clientAuth for the extendedKeyUsage setting.
- It is mandatory to provide the commonName, but optional to provide emailAddress.
[ req ]
default_bits =
default_keyfile =
distinguished_name =
encrypt_key =
prompt =
string_mask =
req_extensions =
[ v3_req ]
basicConstraints =
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName =
[ req_distinguished_name ]
countryName =
stateOrProvinceName =
localityName =
organizationName =
emailAddress =
commonName =
For example, here is a sample <config_file_name>.cfg file:
[ req ]
default_bits = 2048
default_keyfile = svserver.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:appvolumemanager, IP:10.0.0.10, DNS:appvolumemanager.vmware.com
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = California
localityName = Palo Alto
organizationName = VMware, Inc.
emailAddress = ssl-certificates@vmware.com
commonName = appvolumemanager.vmware.com
- To generate the custom self-signed certificate, run the following command:
openssl req -nodes -new -x509 -keyout <key_name>.key -sha256 -out <certificate_name>.crt -days 3650 -config <config_file_name>.cfg -extensions v3_req
The following two files are generated as outputs: <certificate_name>.crt and <key_name>.key.
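To confirm that the settings from the [ v3_req ] section actually reached the certificate, the following added example (not part of the original page and not VMware code) generates a certificate from the page's sample configuration and checks its extensions, SAN entries and key pairing. The function names gen_sample and check_cert and the sample.* file names are hypothetical.

```shell
# Added example (not VMware code); gen_sample, check_cert and sample.* are hypothetical names.
# gen_sample DIR: write the page's sample config into DIR and run the page's command.
gen_sample() {
    cat > "$1/sample.cfg" <<'EOF'
[ req ]
default_bits = 2048
default_keyfile = svserver.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:appvolumemanager, IP:10.0.0.10, DNS:appvolumemanager.vmware.com
[ req_distinguished_name ]
countryName = US
stateOrProvinceName = California
localityName = Palo Alto
organizationName = VMware, Inc.
emailAddress = ssl-certificates@vmware.com
commonName = appvolumemanager.vmware.com
EOF
    openssl req -nodes -new -x509 -keyout "$1/sample.key" -sha256 -out "$1/sample.crt" \
        -days 3650 -config "$1/sample.cfg" -extensions v3_req 2>/dev/null
}

# check_cert CRT KEY DNSNAME: return 0 only if every check passes.
check_cert() {
    rc=0
    text=$(openssl x509 -in "$1" -noout -text) || return 1
    # Text forms that OpenSSL prints for the [ v3_req ] values.
    for want in "CA:FALSE" \
        "Digital Signature, Key Encipherment, Data Encipherment" \
        "TLS Web Server Authentication, TLS Web Client Authentication"; do
        printf '%s\n' "$text" | grep -qF "$want" || { echo "missing: $want" >&2; rc=1; }
    done
    # Exact match against one SAN entry, not a substring of a longer name.
    printf '%s\n' "$text" | grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr -d ' ' | tr ',' '\n' | grep -qxF "DNS:$3" || { echo "SAN lacks DNS:$3" >&2; rc=1; }
    # The certificate must carry the public half of the key written by -keyout.
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ] ||
        { echo "key does not match certificate" >&2; rc=1; }
    return $rc
}

if [ "$#" -eq 3 ]; then check_cert "$@"; fi
```

Because the command uses -nodes and the sample sets encrypt_key = no, the generated .key file is not passphrase-protected, so restrict who can read it.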