A self-signed certificate is installed when you install App Volumes Manager. You can replace the default self-signed certificate by modifying the Nginx configuration file.

Note: The self-signed certificate is installed in the same location as the Nginx configuration file: C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf.

Prerequisites

  • Obtain an SSL certificate from a trusted Certificate Authority (CA).
  • Download the CA-signed certificate that you obtained and the corresponding key to the machine where the App Volumes Manager is installed. Note down the location where the files are downloaded.
  • If you provide a passphrase while generating the private key during the Certificate Signing Request (CSR), note down the passphrase.
  • Verify that the common name on the CA-signed certificate is the same as the host name or the IP address of App Volumes Manager that you configured while installing the agent.
  • Verify that the SSL key and certificate are both in PEM (Base64 encoded) format.
  • Verify that the certificate and key are Nginx compliant.

Procedure

  1. Log in as administrator to the machine where the App Volumes Manager is installed.
  2. Navigate to C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf and make a copy of the existing Nginx configuration file, nginx.conf.
  3. Open the Nginx configuration file.
  4. Edit the ssl_certificate and ssl_certificate_key variables in the Nginx configuration file to point to the path of the certificate and key files that you downloaded.
  5. (Optional) If you had provided a passphrase for the CA-signed certificate, enter the passphrase for your certificate in the Nginx configuration file.
  6. Save the configuration file.
  7. Restart the App Volumes Manager service.

Example: Nginx Configuration File

In this example, the appvol_ca1_vmware.com.crt and appvol_ca1_vmware.com.key are the default self-signed certificates. 

server {
			server_name 0.0.0.0;
			listen 3443;
			listen 443;
			listen [::]:443;

			ssl on;
			ssl_certificate	appvol_ca1_vmware.com.crt;
			ssl_certificate_key	appvol_ca1_vmware.com.key;
			ssl_session_cache	builtin:1000;
			ssl_session_timeout 5m;

			root ../public;

What to do next

You can download and add the CA-signed certificate to the trust store of the App Volumes agent directly.