A self-signed certificate is installed when you install App Volumes Manager. You can replace the default self-signed certificate with either a custom self-signed certificate or a CA-signed certificate. To replace the default, self-signed certificate, you must modify the Nginx configuration file.
Note: The self-signed certificate is installed in the same location as the Nginx configuration file:
C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf.
Prerequisites
To replace the default, self-signed certificate, you must have already generated a custom self-signed certificate (Generate a Custom Self-Signed Certificate) or a CA-signed certificate (Obtain a CA-Signed Certificate Using a CSR) with you.
Ensure that you are aware of the following considerations when replacing with either custom self-signed or CA-signed certificate:
- If you provide a passphrase while generating the private key, note down the passphrase.
- Verify that the common name is the same as the host name or the IP address of App Volumes Manager that you configured while installing the agent.
- Verify that the SSL key and certificate are both in PEM (Base64 encoded) format.
- Verify that the certificate and key are Nginx compliant.
Ensure that you are aware of the following additional considerations when replacing with CA-signed certificate:
- Obtain an SSL certificate from a trusted Certificate Authority (CA).
- Download the CA-signed certificate that you obtained and the corresponding key to the machine where App Volumes Manager is installed.
Procedure
- Log in as administrator to the machine where App Volumes Manager is installed.
- Navigate to C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf and make a copy of the existing Nginx configuration file, nginx.conf.
- Open the nginx.conf.
- Edit the ssl_certificate and ssl_certificate_key variables in the Nginx configuration file to point to the path of the certificate and key files that you downloaded.
- (Optional) If you had provided a passphrase for the CA-signed certificate, enter the passphrase for your certificate in the Nginx configuration file.
- Save the configuration file.
- Restart the App Volumes Manager service.
Example: Nginx Configuration File
In this example, the appvol_ca1_vmware.com.crt and appvol_ca1_vmware.com.key are the default self-signed certificates.
server { server_name 0.0.0.0; listen 3443; listen 443; listen [::]:443; ssl on; ssl_certificate appvol_ca1_vmware.com.crt; ssl_certificate_key appvol_ca1_vmware.com.key; ssl_session_cache builtin:1000; ssl_session_timeout 5m; root ../public;