To prepare VMware Aria Suite Lifecycle for deploying VMware Aria Operations for Logs, you must generate an SSL certificate using the PowerShell module for VMware Validated Solutions and add the certificate to the VMware Aria Suite Lifecycle locker.

Procedure

  1. Generate an SSL certificate using the PowerShell module for VMware Validated Solutions.
    1. Start PowerShell.

    2. Replace the values in the variables below and run the commands.
      $commonName = "sfo-logs01.sfo.rainpole.io"
      $subjectAltNames = "sfo-logs01.sfo.rainpole.io, sfo-logs01a.sfo.rainpole.io, sfo-logs01b.sfo.rainpole.io, sfo-logs01c.sfo.rainpole.io"
      $encryptionKeySize = 2048
      $certificateExpiryDays = 730
      $orgName = "rainpole"
      $orgUnitName = "Platform Engineering"
      $orgLocalityName = "San Francisco"
      $orgStateName = "California"
      $orgCountryCode = "US"
      
      $caType = "msca"
      $caFqdn = "rpl-ad01.rainpole.io"
      $caUsername = "Administrator"
      $caPassword = "VMw@re1!"
      $caTemplate = "VMware"
      
      $outputPath = ".\certificates\"
      $csrFilePath = Join-Path $outputPath "$commonName.csr"
      $keyFilePath = Join-Path $outputPath "$commonName.key"
      $crtFilePath = Join-Path $outputPath "$commonName.crt"
      $rootCaFilePath = Join-Path $outputPath "$caFqdn-rootCa.pem"
    3. Perform the configuration by running the command in the PowerShell console.

      Invoke-GeneratePrivateKeyAndCsr -outDirPath $outputPath -commonName $commonName -subjectAlternativeNames $subjectAltNames -keySize $encryptionKeySize -expireDays $certificateExpiryDays -organization $orgName -organizationUnit $orgUnitName -locality  $orgLocalityName -state $orgStateName -country $orgCountryCode
      
      Invoke-RequestSignedCertificate -caFqdn $caFqdn -csrFilePath $csrFilePath -outDirPath $outputPath -certificateAuthority $caType -username $caUsername -password $caPassword -certificateTemplate $caTemplate -getCArootCert
      
      Invoke-GenerateChainPem -outDirPath $outputPath -keyFilePath $keyFilePath -crtFilePath $crtFilePath -rootCaFilePath $rootCaFilePath
  2. Add the new SSL certificate to the VMware Aria Suite Lifecycle locker.
    1. Log in to VMware Aria Suite Lifecycle at https://<aria_suite_lifecycle_fqdn> as vcfadmin@local.
    2. On the My services page, click Locker.
    3. In the navigation pane, click Certificates.
    4. On the Certificates page, click Import.
    5. On the Import certificate page, enter a name for the VMware Aria Operations for Logs certificate according to your VMware Cloud Foundation Planning and Preparation Workbook.
    6. Click Browse file, navigate to the VMware Aria Operations for Logs certificate file (.pem), and click Open.
    7. On the Import certificate page, click Import.