Use the SDDC Manager VM to generate a certificate request and private key. Your Certificate Authority uses the certificate request to generate a certificate you can use when you deploy vRealize Automation.

Procedure

  1. Using SSH, log in to the SDDC Manager VM with the user name vcf and password you specified in the deployment parameter sheet.
  2. Enter su and the password you specified in the deployment parameter sheet.
  3. Navigate to the /opt/vmware/vcf/operationsmanager/scripts/cli directory.
  4. Run the following command.
    ./generate_certificate.sh
  5. Enter 1 to generate a certificate signing request.
  6. Press Enter to accept the default resource type (vra).
  7. Enter the information for use with your certificate request.
    For example, Country Name, State or Province Name, and so on.
  8. Enter the subject alternative names (SANs) for each of the vRealize Automation components.
    Add the FQDN and hostname for each component as a separate SAN entry.
    Component Sample SANs
    vRealize Automation Appliance Load Balancer VIP vra01svr01.rainpole.local
      vra01svr01
    vRealize Automation Appliance vra01svr01a.rainpole.local
      vra01svr01a
    vRealize Automation Appliance vra01svr01b.rainpole.local
      vra01svr01b
    vRealize Automation Appliance vra01svr01c.rainpole.local
      vra01svr01c
    vRealize Automation IaaS Web Server VIP vra01iws01.rainpole.local
      vra01iws01
    vRealize Automation IaaS Web Server vra01iws01a.rainpole.local
      vra01iws01a
    vRealize Automation IaaS Web Server vra01iws01b.rainpole.local
      vra01iws01b
    vRealize Automation IaaS Manager Service VIP vra01ims01.rainpole.local
      vra01ims01
    vReaize Automation IaaS Manager Service and DEM Orchestrator vra01ims01a.rainpole.local
      vra01ims01a
    vReaize Automation IaaS Manager Service and DEM Orchestrator vra01ims01b.rainpole.local
      vra01ims01b
    vRealize Automation DEM Worker vra01dem01a.rainpole.local
      vra01dem01a
    vRealize Automation DEM Worker vra01dem01b.rainpole.local
      vra01dem01b
  9. Enter done.

  10. Enter the file path to copy the private key.
    The default path is /tmp/private_key.pem.
  11. Enter the file path to copy the csr file.
    The default path is /tmp/csr.pem.

What to do next

Send the certificate signing request to your Certificate Authority to get a certificate. You will need the server certificate, root CA certificate, and your private key to deploy vRealize Automation.