Access to the VMware Aria Operations user interface and API requires an SSL connection. By default, VMware Aria Operations uses a self-signed certificate. To provide secure access to the VMware Aria Operations user interface and API, replace the default self-signed certificate with a CA-signed certificate.

Table 1. Design Decisions on Certificates for VMware Aria Operations

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| IOM-VAOPS-SEC-015 | Use a CA-signed certificate containing the analytics and VMware Cloud Proxy appliances in the SAN attributes, when deploying VMware Aria Operations. | Configuring a CA-signed certificate ensures that the communication to the externally facing Web UI and API for VMware Aria Operations, and cross-product, is encrypted. | • Using CA-signed certificates from a certificate authority might increase the deployment preparation time as certificate requests are generated and delivered.<br>• Each time a node is added the certificate must be replaced to include the new node. |
| IOM-VAOPS-SEC-016 | Use a SHA-2 or higher algorithm when signing certificates. | The SHA-1 algorithm is considered less secure and has been deprecated. | Not all certificate authorities support SHA-2. |
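
One way to check an issued certificate against both decisions before installing it, as an added example that is not part of the VMware documentation: the function audits `openssl x509 -noout -text` output for a SHA-2 signature and for every node name in the SAN list. The host names, `cert.pem`, and the sample certificate text are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example. Audits `openssl x509 -noout -text` output (read on stdin)
# against IOM-VAOPS-SEC-015 and IOM-VAOPS-SEC-016.
# Usage: openssl x509 -in cert.pem -noout -text | check_cert_text FQDN...
# Prints one finding per line; exit status 0 only when there are none.
# SAN matching is exact (case-insensitive); wildcard entries are not expanded.
check_cert_text() (
    text=$(cat)
    rc=0

    # SEC-016: the signing algorithm must be SHA-2 or higher.
    sigalg=$(printf '%s\n' "$text" |
        sed -n '/Signature Algorithm:/{s/^ *Signature Algorithm: *//p;q;}')
    case $(printf '%s' "$sigalg" | tr 'A-Z' 'a-z') in
        *sha224*|*sha256*|*sha384*|*sha512*|*sha3-*) ;;
        *sha1*|*md5*) echo "FAIL: weak signature algorithm: $sigalg"; rc=1 ;;
        *) echo "FAIL: cannot confirm SHA-2 signature: '$sigalg'"; rc=1 ;;
    esac

    # SEC-015: every analytics and Cloud Proxy node must be a DNS SAN entry.
    sans=$(printf '%s\n' "$text" |
        sed -n '/X509v3 Subject Alternative Name/{n;p;}' |
        tr ',' '\n' | sed -n -e 's/ *$//' -e 's/^ *DNS: *//p' | tr 'A-Z' 'a-z')
    for node in "$@"; do
        want=$(printf '%s' "$node" | tr 'A-Z' 'a-z')
        printf '%s\n' "$sans" | grep -qxF -- "$want" ||
            { echo "FAIL: $node missing from SAN"; rc=1; }
    done
    exit "$rc"
)

# Constructed, abbreviated certificate text (not a real certificate).
sample_cert_text() {
    cat <<'EOF'
Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Subject: CN = aria-ops.example.test
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:aria-ops.example.test, DNS:aria-ops-node1.example.test, DNS:aria-proxy1.example.test
EOF
}

# Demo: a node added after the certificate was issued is reported as missing.
sample_cert_text | check_cert_text aria-ops-node1.example.test aria-ops-node2.example.test || true
```

Running the check with the full node inventory each time the cluster is scaled out shows when the certificate has to be reissued.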