You can generate a self-signed certificate for Windows or Linux by using the OpenSSL tool.

Prerequisites

  • Download the appropriate installer for OpenSSL from https://www.openssl.org/community/binaries.html. Use the downloaded OpenSSL installer to install it on Windows.
  • Edit the openssl.cfg file to add additional required parameters. Make sure the [req] section has the req_extensions parameter defined. 
    [req]
        .
        .
        req_extensions=v3_req #
  • Add an appropriate Subject Alternative Name entry for the hostname or IP address of your server, for example server-01.operationsforlogs.domain. You cannot specify a pattern for the hostname. 
    [v3_req]
        .
        .
        subjectAltName=DNS:server-01.operationsforlogs.domain
        #subjectAltName=IP:10.27.74.215

Procedure

  1. Create a folder to save your certificate files, for example C:\Certs\OperationsforLogs.
  2. Open a command prompt and run the following command. 
    C:\Certs\OperationsforLogs>openssl req -x509 -nodes -newkey 2048 -keyout server.key -out server.crt -days 3650

    OpenSSL prompts you to supply certificate properties, including country, organization, and so on.

  3. Enter the exact IP address or hostname of your VMware Aria Operations for Logs server, or the VMware Aria Operations for Logs cluster address if load balancing is enabled.
    This property is the only one for which it is mandatory to specify a value.

Results

Two files are created, server.key and server.crt.

  • server.key is a new PEM-encoded private key.
  • server.crt is a new PEM-encoded certificate signed by server.key.