In all the default installations of VMware Aria Operations nodes a default self-signed VMware certificate is included. You can implement your own SSL certificate from an internal Certificate Authority or external Certificate Authority.
For more information on the certificate installation procedures, see Requirements for Custom vRealize Manager SSL Certificates.
In addition to these configuration variables it is important to understand how SSL certificates are distributed in a cluster. If you upload a certificate to a node in the cluster, for example: the primary node, the certificate will then be pushed to all nodes in the cluster. To handle UI sessions by all the nodes in the cluster you must upload an SSL certificate that contains all the DNS names (optional: IP addresses and DNS names) in the Subject Alternative Name field of the uploaded certificate. The common name must be the Load Balancer DNS name. The subject alternative names are used to support access to the admin UI page.
When the certificate is uploaded trough admin UI page it is pushed to all the nodes in the cluster. Currently, when you use a load balancer with VMware Aria Operations, the only supported method is SSL pass-through, which means the SSL certificate cannot be terminated on the load balancer.
To change SSL Certificate on a cluster deployment:
Procedure
- Log in to the primary node by using the following link: https://<ipaddress>/admin.
- On the top right side, click the certificate button to change the certificate.
- Click on Install New Certificate
- Click on Browse button and choose PEM certificate file.
- After certificate verification click Install.
Results
When you view the certificate on the node that you are accessing, you will see all nodes in the cluster listed in the certificate SAN.