This topic provides an overview of how you can use custom certificate authorities (CAs) in your VMware Tanzu Operations Manager deployment.
To secure traffic in your Tanzu Operations Manager deployment, you must provide a CA to issue digital certificates. This can be either a CA generated by Tanzu Operations Manager or a custom CA. When you add and activate a new CA, a digital certificate is issued to BOSH Director. BOSH Director then passes the certificate to other components in your Tanzu Operations Manager deployment.
VMware recommends that you supply a CA from a trusted provider for production environments. While you can create your own custom CAs if necessary, a trusted CA is more secure because it has been authenticated by the trusted entities permitted to issue them.
Elliptic Curve Digital Signature Algorithm (ECDSA) certificates are not supported in Tanzu Operations Manager.
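Because of the ECDSA restriction above, it is worth checking a custom CA bundle before adding it. The following Go sketch is an added example, not part of VMware's tooling: it parses a PEM bundle and lists every certificate that uses ECDSA. The names `ecdsaCerts` and `demoCA` are hypothetical, the sample CAs are constructed in-process, and treating either an ECDSA public key or an ECDSA signature as unsupported is an assumption.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// ecdsaCerts lists the subject CN of each cert with an ECDSA key or signature (assumption: both count).
func ecdsaCerts(bundle []byte) ([]string, error) {
	var out []string
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		if block.Type != "CERTIFICATE" {
			continue // ignore private keys or other PEM objects in the file
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("parse certificate: %w", err)
		}
		if cert.PublicKeyAlgorithm == x509.ECDSA || strings.HasPrefix(cert.SignatureAlgorithm.String(), "ECDSA") {
			out = append(out, cert.Subject.CommonName)
		}
	}
	return out, nil
}

func demoCA(cn string, key crypto.Signer) []byte { // constructed throwaway CA, sample input only
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, t, t, key.Public(), key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

var rsaKey, _ = rsa.GenerateKey(rand.Reader, 2048)             // constructed sample key
var ecKey, _ = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // constructed sample key
func main() {
	fmt.Println(ecdsaCerts(append(demoCA("demo-rsa-ca", rsaKey), demoCA("demo-ecdsa-ca", ecKey)...)))
}
```

An input with no `CERTIFICATE` blocks produces an empty result, so confirm that the file you check is the bundle you intend to add.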
You can add a new custom CA as part of the procedure for rotating CAs and other certificate types in Tanzu Operations Manager. To add and activate a new custom CA in Tanzu Operations Manager, see Rotating CAs and Leaf Certificates.