If the proxy is configured to perform SSL decryption and encryption of straight CONNECT and transparently redirected SSL traffic, using configurable CA certificates, it will require additional configuration on the appliance running VMware Skyline Health Diagnostics. Without this additional configuration, https connections from VMware Skyline Health Diagnostic will fail to verify the proxy generated certificates and result in failures.

Prerequisites

  • Verify that you have root credentials to log in VMware Skyline Health Diagnostic Appliance/VM

  • Make sure you have the Root Certificate/Certificate used by Proxy to sign the certificates used for connections. Normally this will be root certificate of your internal CA

Procedure

  1. Open the Root/Proxy Certificate in a text editor and copy the contents
  2. Log in to the Appliance running VMware Skyline Health Diagnostics as root user, using any SSH Clients
  3. Create a temporary file to hold the copied certificate contents
    1. vi /tmp/proxy.crt
    2. Press "I" to change to insert mode
    3. Paste the contents copied in step 1 (Right Click if using putty)
    4. Press "Esc" to switch the insert mode off
    5. Press ":wq" to save and quit the editor
  4. Update the VMware SHD installation with newly created proxy certificate by executing following command
    1. shd-config proxycert /tmp/proxy.crt
  5. Proceed with configuring the proxy as outlined in the "Proxy Settings" section

Results

Proxy Certificates are installed on VMware Skyline Health Diagnostics