The VMware Aria Suite Lifecycle Locker allows you to manage certificates for the various suite products. You can manage certificates, including generate a new certificate, for products that are deployed by VMware Aria Suite Lifecycle.

Prerequisites

  • Certificates that are about to expire in less than 15 days cannot be imported.
  • To manage the certificate for an imported environment, add the certificate in the VMware Aria Suite Lifecycle and perform inventory sync so that the certificate is mapped to the imported environment, after which replace certificate and scale-out wizards will be aware of the existing certificate.

Procedure

  1. From the VMware Aria Suite Lifecycle My Services dashboard, click Locker.
  2. You can either select Generate, Import, or Generate CSR.
    Option Description
    Generate
    1. Enter the required text boxes.
    2. Select the length of the Key.
    3. Enter the valid Server Domain/Hostname. You can also include the wildcard certificate. For example, you can enter *.sql.local.
    4. Enter the FQDN or IP Address.
    5. Click Generate.
    Import
    1. Enter a valid certificate name.
    2. In the Passphrase text box, enter Cert-Password (if applicable).
    3. Click Browse File and browse to the saved PEM file.
    4. When you upload a PEM file, the private key and certificate chain details are populated automatically.
    5. Enter the private key and certificate chain details manually.
    6. Click Import.
    The requirements for PEM file are:
    • Both the certificate chain and private key must be in the same file, and the product certificate must be the first entry in the file.
    • The PEM file that are imported can have 2048 bits key or 4096 bits key.
    • If the PEM file certificate is encrypted then the passphrase must be provided while importing the certificate into VMware Aria Suite Lifecycle.
    Generate CSR
    1. Enter the required text boxes.
    2. Select the length of the key.
    3. Enter a valid domain name. You can also include the wildcard certificate. For example, you can enter *.sql.local.
    4. Enter the IP address in which you are assigning the certificate.
    Note: Generate CSR downloads a PEM file. This file can be taken to the certificate authority for signing and can be made as a trusted certificate. The pem file downloaded will have the private key and certificate request chain. You must be cautious and share only the CSR part of the pem file but not the key for the certificate signing.
  3. Click Generate.
  4. You can click the certificate from the inventory to view the details and its associated environments with their products.
  5. To download or replace the certificate, click the vertical ellipses on the certificate.

Results

VMware Aria Suite Lifecycle generates a new certificate for the specific domain provided by the user.