Replace the Self-Signed Certificate with the Custom Certificate

You can replace the default self-signed certificate with a custom certificate signed by your certificate authority to meet the organizations security compliance guidelines.

Prerequisites

Verify that you have root user credentials for the VMware Skyline Health Diagnostics appliance.
For more information about enabling the root user log in to the VMware Photon OS, see: https://vmware.github.io/Photon/assets/files/html/3.0/Photon_troubleshoot/permitting-root-login-with-ssh.html (This configuration is not necessary for the VMware Skyline Health Diagnostics appliance as by default it is configured to allow root user log in through SSH).
Verify that you can log in using root credentials to the VMware Skyline Health Diagnostics appliance console.
Verify that you have the signed SSL Certificate with the Certificate Signing Request generated in Generate Certificate Signing Request section.

Procedure

Open the Skyline Health Diagnostics appliance console using the VMware vSphere client or Secure Shell (SSH) client.
Log in as root user.
Change the working directory to the directory you created while generating the Certificate Signing Request, run the cd your_directory_name command. For example, cd newcert.
Create a new file by name rui.crt using vi editor, run the command vi rui.crt.
Copy the contents of CA signature that you received from your CA authority, open the CA signed certificate on your desktop using any text editor and copy the content.
Paste the content to the rui.crt file using vi editor, press I to enable insert mode.

You must see - INSERT - in the bottom of the screen pressing the insert mode.
Right-click to paste the copied certificate details.
1. If your CA provides any intermediate certificates, make sure you copy and paste them following the actual certificate.
Save the file by pressing the following sequence Esc:wq.
Copy the previously generated key and certificate files to the location where default certificate is located.
1. cp rui.crt rui.key /opt/vmware-shd/vmware-shd/conf/ssl/
Restart the web server, run the command systemctl restart nginx.
Log in to the user interface using browser and verify that the new certificate is used.

Results

The web server runs with custom certificates.

What to do next

If the VMware Skyline Health Diagnostics user interface is not available, revert to self-signed certificate see Reverting to Self-Signed Certificate.