Use the SDDC Manager VM to generate a certificate and private key. Use the certificate and private key when you deploy vRealize Automation.

Prerequisites

You have configured a Microsoft Certificate Authority. See "Configure Certificate Authority" in the VMware Cloud Foundation Operations and Administration Guide.

Procedure

  1. Using SSH, log in to the SDDC Manager VM with the user name vcf and password you specified in the deployment parameter sheet.
  2. Enter su and the password you specified in the deployment parameter sheet.
  3. Navigate to the /opt/vmware/vcf/operationsmanager/scripts/cli directory.
  4. Run the following command.
    ./generate_certificate.sh
  5. Enter 2 to generate a certificate.
  6. Press Enter to accept the default resource type (vra).
  7. Enter the information for use with your certificate request.
    For example, Country Name, State or Province Name.
  8. Enter the subject alternative names (SANs) for each of the vRealize Automation components.
    Add the FQDN for each component as a separate SAN entry. You can also add the hostname for each component as a separate SAN entry.
    Component Sample SANs
    vRealize Automation Appliance Load Balancer VIP vra01svr01.rainpole.local
      vra01svr01
    vRealize Automation Appliance vra01svr01a.rainpole.local
      vra01svr01a
    vRealize Automation Appliance vra01svr01b.rainpole.local
      vra01svr01b
    vRealize Automation Appliance vra01svr01c.rainpole.local
      vra01svr01c
    vRealize Automation IaaS Web Server VIP vra01iws01.rainpole.local
      vra01iws01
    vRealize Automation IaaS Web Server vra01iws01a.rainpole.local
      vra01iws01a
    vRealize Automation IaaS Web Server vra01iws01b.rainpole.local
      vra01iws01b
    vRealize Automation IaaS Manager Service VIP vra01ims01.rainpole.local
      vra01ims01
    vReaize Automation IaaS Manager Service and DEM Orchestrator vra01ims01a.rainpole.local
      vra01ims01a
    vReaize Automation IaaS Manager Service and DEM Orchestrator vra01ims01b.rainpole.local
      vra01ims01b
    vRealize Automation DEM Worker vra01dem01a.rainpole.local
      vra01dem01a
    vRealize Automation DEM Worker vra01dem01b.rainpole.local
      vra01dem01b
  9. Enter done.

  10. Enter the file path to copy the private key.
    The default path is /tmp/private_key.pem.
  11. Enter the file path to copy the csr file.
    The default path is /tmp/csr.pem.
  12. Enter the file path to copy the server certificate.
    The default path is /tmp/server.pem.
  13. Enter the file path to copy the root CA certificate.
    The default path is /tmp/rootca.pem.

What to do next

Deploy vRealize Automation. You will need the private key, server certificate, and root CA certificate.