This topic provides an overview of using custom certificate authorities (CAs) in a VMware Tanzu Operations Manager (Ops Manager) deployment.


To secure traffic in your Ops Manager deployment, you must provide a CA to issue digital certificates. This can be either an Ops Manager-generated or custom CA. When you add and activate a new CA, a digital certificate is issued to BOSH Director. BOSH Director then passes the certificate to other components in your Ops Manager deployment.

VMware recommends you supply a CA from a trusted provider when using a production environment. While you can create your own custom CAs if necessary, a trusted CA is more secure because it has been authenticated by the trusted entities permitted to issue them.

Note: Elliptic Curve Digital Signature Algorithm (ECDSA) certificates are not supported in Ops Manager.

Add a Custom CA

You can add a new custom CA as part of the procedure for rotating CAs and other certificate types in Ops Manager. To add and activate a new custom CA in Ops Manager, see Rotating CAs and Leaf Certificates.

check-circle-line exclamation-circle-line close-line
Scroll to top icon