You can replace the default self-signed certificate with custom certificate to meet the organization security compliance guidelines.

Prerequisites

  1. Verify that you have root credentials for the Photon OS guest where you have installed VMware Skyline Health Diagnostics for vSphere.

  2. Verify that you have the signed SSL Certificate with the CSR generated in the previous section.

  3. For more information about enabling the root user log in on Photon OS, see https://vmware.github.io/Photon/assets/files/html/3.0/Photon_troubleshoot/permitting-root-login-with-ssh.html

Procedure

  1. SSH to the VM where VMware Skyline Health Diagnostics for vSphere is installed as root user to open a shell session.
  2. To change the working directory to the directory you created during generating this CSRstage, run the cd command. Ex: cdnewcert
  3. To create a new file by name rui.crt using vi editor, run command virui.crt.
  4. To copy the content of CA signature that you received from your CA authority, open the CA signed certificate on your desktop using any text editor and copy the content.
  5. To paste the content to rui.crt file usingvi editor, press Ito enable insert mode.

    You must see -- INSERT -- in the bottom of the screen hitting the insert mode.

  6. Right-click to paste the copied certificate details.
    1. If your CA provides any intermediate certificates, make sure you paste them following the actual certificate.
  7. Save the file by pressing the following sequence Esc:wq.
  8. Copy the previously generated key and certificate files to the location where default certificates are saved.
    1. cp rui.crt rui.key /opt/vmware-shd/vmware-shd/conf/ssl/
  9. Restart the web server by running systemctlrestart nginx.
  10. Log in to the UI using browser, and verify that the new certificates are in use.

Results

The web server runs with customer certificates.

What to do next

You see that the services are not available, you can revert to self-signed certificate following the procedure in Reverting to Self-Signed Certificate.