You can replace the default self-signed certificate with a custom certificate to meet your organization's security compliance guidelines.

Prerequisites

  1. Verify that you have root credentials for the Appliance/VM where VMware Skyline Health Diagnostics is running.

  2. Verify that you have the SSL certificate that was signed using the CSR generated in the previous section.

  3. For more information about enabling the root user login on Photon OS, see https://vmware.github.io/Photon/assets/files/html/3.0/Photon_troubleshoot/permitting-root-login-with-ssh.html (This configuration is not necessary for the VMware SHD Appliance, because by default it is configured to allow root user logins through SSH.)

Procedure

  1. SSH to the Appliance/VM where VMware Skyline Health Diagnostics is running.
  2. Log in as a root user.
  3. To change the working directory to the directory you created when generating the CSR, run the cd command. For example, cd newcert.
  4. To create a new file named rui.crt using the vi editor, run the command vi rui.crt.
  5. To copy the content of the CA-signed certificate that you received from your certificate authority, open the certificate on your desktop using any text editor and copy the content.
  6. To paste the content into the rui.crt file using the vi editor, press I to enable insert mode.

    You must see -- INSERT -- at the bottom of the screen after entering insert mode.

  7. Right-click to paste the copied certificate details.
    1. If your CA provides any intermediate certificates, make sure you paste them following the actual certificate.
  8. Save the file by pressing Esc and then typing :wq.
  9. Copy the previously generated key and certificate files to the location where default certificates are saved.
    1. cp rui.crt rui.key /opt/vmware-shd/vmware-shd/conf/ssl/
  10. Restart the web server by running systemctl restart nginx.
  11. Log in to the UI using a browser and verify that the new certificates are in use.
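
A pre-flight check you can run between steps 8 and 9, so that a pasted certificate that does not match rui.key, or intermediates pasted ahead of the actual certificate, is caught before nginx is restarted. This is an added example, not part of the product documentation; the function names are hypothetical and it assumes the openssl command-line tool is available and that rui.key is not passphrase-protected.

```shell
#!/bin/sh
# Added example (not from the product documentation): pre-flight check for
# rui.crt / rui.key before they are copied into the nginx ssl directory.

# Succeeds when the FIRST certificate in the PEM file carries the public key
# that belongs to the private key. The first certificate in the file is the
# one that must pair with the key, so intermediates have to come after it.
# Returns 2 when either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the first certificate in the file has not expired.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Prints the number of certificates in the file (leaf plus intermediates).
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Runs all checks, prints a verdict, returns non-zero on the first failure.
preflight() {
    cert=$1
    key=$2
    cert_matches_key "$cert" "$key" || {
        echo "FAIL: first certificate in $cert does not match $key"
        return 1
    }
    cert_not_expired "$cert" || {
        echo "FAIL: first certificate in $cert has expired"
        return 1
    }
    echo "OK: $cert matches $key, $(cert_count "$cert") certificate(s) in file"
}

# Usage from the CSR working directory (for example newcert):
#   preflight rui.crt rui.key && \
#       cp rui.crt rui.key /opt/vmware-shd/vmware-shd/conf/ssl/
```

If the check fails, correct rui.crt in the working directory first; the files under /opt/vmware-shd/vmware-shd/conf/ssl/ stay untouched until the cp in step 9.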

Results

The web server runs with customer certificates.

What to do next

If you see that the services are not available, you can revert to the self-signed certificate by following the procedure in Reverting to Self-Signed Certificate.