We recommend adding an SSL certificate for your Palo Alto Networks host server to the VMware Aria Operations truststore to help provide an added level of security.

Note:

If you select Verify for the SSL Configuration Advanced Setting when Creating an Adapter Instance , the management pack will attempt to verify the SSL certificate on your VMware Aria Operations system. Follow the steps below to add the certificate to the truststore.

To add the SSL certificate to your VMware Aria Operations truststore:

  1. Obtain the SSL certificate for your Palo Alto Networks host server from your Internet browser. Export the certificate as an X.509 Certificate (PEM).

  2. Copy the certificate to your VMware Aria Operations machine.

  3. Use ‘ssh’ to log in to the VMware Aria Operations machine as the root user, then run the following command:

    Linux:

    $VCOPS_BASE/jre/bin/keytool -import -alias <product_alias> -file /tmp/<certfile> -keystore “$VCOPS_DATA_VCOPS/user/conf/ssl/tcserver.truststore” -storepass grep ssltruststorePassword /storage/vcops/user/conf/ssl/storePass.properties | sed s/ssltruststorePassword=//` -trustcacerts

    Windows:

    %VCOPS_BASE%\jre\bin\keytool -import -alias <product_alias> C:\path\to\certfile -keystore “%VCOPS_DATA_VCOPS%\user\conf\ssl\tcserver.truststore” -storepass <truststore_password> -trustcacerts

    Parameter Descriptions:

    • <product_alias> is a unique name for each key that you add (per host)

    • <certfile> is the location where the cert file was saved

  4. Run the reboot command to re-start the VMware Aria Operations machine for the changes to take effect.