When the VMware Identity Manager service is installed, a default SSL server certificate is generated. You can use the default certificate for testing purposes. You should generate and install commercial SSL certificates for your environment.

Before you begin

Generate a Certificate Signing Request (CSR) and obtain a valid, signed certificate from a CA. If your organization provides SSL certificates that are signed by a CA, you can use these certificates. The certificate must be in the PEM format.

About this task

Note:

If the VMware Identity Manager points to a load balancer, the SSL certificate is applied to the load balancer.

Procedure

  1. In the administration console, click Appliance Settings.

    VA configuration is selected by default.

  2. Click Manage Configuration.
  3. In the dialog box that appears, enter the VMware Identity Manager server admin user password.
  4. Select Install Certificate.
  5. In the Terminate SSL on Identity Manager Appliance tab, select Custom Certificate.
  6. In the SSL Certificate Chain text box, paste the host, intermediate, and root certificates, in that order.

    The SSL certificate works only if you include the entire certificate chain in the correct order. For each certificate, copy everything between and including the lines -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----

    Ensure that the certificate includes the FQDN hostname.

  7. Paste the private key in the Private Key text box. Copy everything between ----BEGIN RSA PRIVATE KEY and ---END RSA PRIVATE KEY.
  8. Click Save.

Certificate Examples

Certificate Chain Example

-----BEGIN CERTIFICATE-----

jlQvt9WdR9Vpg3WQT5+C3HU17bUOwvhp/r0+

...

...

...

W53+O05j5xsxzDJfWr1lqBlFF/OkIYCPcyK1

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

WdR9Vpg3WQT5+C3HU17bUOwvhp/rjlQvt90+

...

...

...

O05j5xsxzDJfWr1lqBlFF/OkIYCPW53+cyK1

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

dR9Vpg3WQTjlQvt9W5+C3HU17bUOwvhp/r0+

...

...

...

5j5xsxzDJfWr1lqW53+O0BlFF/OkIYCPcyK1

-----END CERTIFICATE-----

Private Key Example

-----BEGIN RSA PRIVATE KEY-----

jlQvtg3WQT5+C3HU17bU9WdR9VpOwvhp/r0+

...

...

...

1lqBlFFW53+O05j5xsxzDJfWr/OkIYCPcyK1

-----END RSA PRIVATE KEY-----