To prepare VMware Aria Suite Lifecycle for deploying Workspace ONE Access, you must generate an SSL certificate using the PowerShell module for VMware Validated Solutions and add the certificate to the VMware Aria Suite Lifecycle locker.

This procedure uses the PowerShell Module for VMware Validated Solutions to generate the required certificates from Microsoft Active Directory Certificate Services. However, the module also supports generating certificate signing requests (CSRs) for third-party certificate authorities for import to the VMware Aria Suite Lifecycle locker.

Prerequisites

  • Verify that a Microsoft Certificate Authority is available for the environment.
  • Install the PowerShell module for VMware Validated Solutions together with the supporting modules to request an SSL certificate from your Microsoft Certificate Authority.
  • Verify that you have OpenSSL 3.0 or later installed on the system that will run the PowerShell module. The OpenSSL Wiki has a list of third-party pre-compiled binaries for Microsoft Windows.

Procedure

  1. Generate an SSL certificate using the PowerShell module for VMware Validated Solutions.
    1. Start PowerShell.
    2. Replace the sample values in the variables below and run the commands in the PowerShell console.
      $commonName = "xint-idm01.rainpole.io"
      $subjectAltNames = "xint-idm01.rainpole.io, xint-idm01a.rainpole.io, xint-idm01b.rainpole.io, xint-cidm01c.rainpole.io"
      $encryptionKeySize = 2048
      $certificateExpiryDays = 730
      $orgName = "rainpole"
      $orgUnitName = "Platform Engineering"
      $orgLocalityName = "San Francisco"
      $orgStateName = "California"
      $orgCountryCode = "US"
      
      $caType = "msca"
      $caFqdn = "rpl-ad01.rainpole.io"
      $caUsername = "Administrator"
      $caPassword = "VMw@re1!"
      $caTemplate = "VMware"
      
      $outputPath = ".\certificates\"
      $csrFilePath = Join-Path $outputPath "$commonName.csr"
      $keyFilePath = Join-Path $outputPath "$commonName.key"
      $crtFilePath = Join-Path $outputPath "$commonName.crt"
      $rootCaFilePath = Join-Path $outputPath "$caFqdn-rootCa.pem"
    3. Perform the configuration by running the command in the PowerShell console.
      Invoke-GeneratePrivateKeyAndCsr -outDirPath $outputPath -commonName $commonName -subjectAlternativeNames $subjectAltNames -keySize $encryptionKeySize -expireDays $certificateExpiryDays -organization $orgName -organizationUnit $orgUnitName -locality $orgLocalityName -state $orgStateName -country $orgCountryCode
      Invoke-RequestSignedCertificate -caFqdn $caFqdn -csrFilePath $csrFilePath -outDirPath $outputPath -certificateAuthority $caType -username $caUsername -password $caPassword -certificateTemplate $caTemplate -getCArootCert
      Invoke-GenerateChainPem -outDirPath $outputPath -keyFilePath $keyFilePath -crtFilePath $crtFilePath -rootCaFilePath $rootCaFilePath
  2. Add the generated SSL certificate to the VMware Aria Suite Lifecycle locker.
    1. Log in to VMware Aria Suite Lifecycle at https://<aria_suite_lifecycle_fqdn> as vcfadmin@local.
    2. On the My services page, click Locker.
    3. In the navigation pane, click Certificates.
    4. On the Certificates page, click Import.
    5. On the Import certificate page, enter a name for the Workspace ONE Access certificate according to your VMware Cloud Foundation Planning and Preparation Workbook.
    6. Click Browse file, navigate to the Workspace ONE Access certificate file (.pem), and click Open.
    7. On the Import certificate page, click Import.
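
Before the import in step 2, the files produced in step 1 can be checked with OpenSSL from the same PowerShell console. The following is an added example, not part of the VMware procedure or of the PowerShell module: the function name `Test-GeneratedCertificate` and its parameters are hypothetical, and it assumes `openssl` is on the PATH, the private key is not passphrase-protected, and the Microsoft CA issues the certificate directly from the root.

```powershell
# Added example, not part of the module: pre-import checks on the step 1 output.
# Assumptions: openssl 3.0+ on PATH, unencrypted key, certificate issued directly by the root CA.
function Test-GeneratedCertificate {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]   $CrtFilePath,
        [Parameter(Mandatory)] [string]   $KeyFilePath,
        [Parameter(Mandatory)] [string]   $RootCaFilePath,
        [Parameter(Mandatory)] [string[]] $ExpectedNames,
        [int] $MinKeySize = 2048,
        [int] $MinDaysRemaining = 30
    )
    foreach ($path in $CrtFilePath, $KeyFilePath, $RootCaFilePath) {
        if (-not (Test-Path -LiteralPath $path)) { throw "Missing file: $path" }
    }
    # 1. The private key must belong to the certificate: compare the two public keys.
    $certPub = (& openssl x509 -in $CrtFilePath -noout -pubkey 2>$null) -join "`n"
    $keyPub  = (& openssl pkey -in $KeyFilePath -pubout 2>$null) -join "`n"
    $keyMatches = ($certPub.Length -gt 0) -and ($certPub -eq $keyPub)

    # 2. The certificate must verify against the downloaded root CA certificate.
    & openssl verify -CAfile $RootCaFilePath $CrtFilePath *> $null
    $chainOk = ($LASTEXITCODE -eq 0)

    # 3. Every requested DNS name must be present in the subjectAltName extension.
    $sanText  = (& openssl x509 -in $CrtFilePath -noout -ext subjectAltName 2>$null) -join ' '
    $sanNames = @([regex]::Matches($sanText, 'DNS:([^,\s]+)') | ForEach-Object { $_.Groups[1].Value })
    $missing  = @($ExpectedNames | Where-Object { $_ -notin $sanNames })

    # 4. Key size as issued, and at least $MinDaysRemaining days of validity left.
    $text    = (& openssl x509 -in $CrtFilePath -noout -text 2>$null) -join "`n"
    $keyBits = if ($text -match 'Public-Key: \((\d+) bit\)') { [int]$Matches[1] } else { 0 }
    & openssl x509 -in $CrtFilePath -noout -checkend ($MinDaysRemaining * 86400) *> $null
    $notExpiring = ($LASTEXITCODE -eq 0)

    [pscustomobject]@{
        KeyMatchesCertificate = $keyMatches
        ChainsToRootCa        = $chainOk
        MissingNames          = $missing
        KeySizeOk             = ($keyBits -ge $MinKeySize)
        NotExpiringSoon       = $notExpiring
        ReadyToImport         = $keyMatches -and $chainOk -and ($missing.Count -eq 0) -and
                                ($keyBits -ge $MinKeySize) -and $notExpiring
    }
}
# Run in the same console as step 1, so the variables set there are still defined.
$names = $subjectAltNames -split ',' | ForEach-Object { $_.Trim() }
Test-GeneratedCertificate -CrtFilePath $crtFilePath -KeyFilePath $keyFilePath `
    -RootCaFilePath $rootCaFilePath -ExpectedNames $names
```

Import the .pem file only when `ReadyToImport` is `True`. If `ChainsToRootCa` is `False` in an environment with a multi-tier CA, the intermediate certificate is missing from the CA file passed to the check.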