Access to the VMware Aria Operations for Logs user interface and API require an SSL connection. By default, VMware Aria Operations for Logs uses a self-signed certificate. To provide secure access to the VMware Aria Operations for Logs user interface, replace the default self-signed certificate with a CA-signed certificate.

Table 1. Design Decisions on Certificates for VMware Aria Operations for Logs

Decision ID

Design Decision

Design Justification

Design Implication

ILA-VAOL-SEC-010

Use a CA-signed certificate containing the VMware Aria Operations for Logs cluster node FQDNs, and the ILB FQDN in the SAN attributes, when deploying VMware Aria Operations for Logs in each VMware Cloud Foundation instance.

Configuring a CA-signed certificate ensures that the communication to the externally facing UI and API for VMware Aria Operations for Logs, and cross-product, is encrypted.

Using CA-signed certificates from a certificate authority might increase the deployment preparation time as certificate requests are generated and delivered.

ILA-VAOL-SEC-011

Use a SHA-2 or higher algorithm when signing certificates.

The SHA-1 algorithm is considered less secure and has been deprecated.

Not all certificate authorities support SHA-2.