After you generate the PEM certificate chain file that contains the own certificate, the signer certificate and the private key file, upload the certificate chain to vRealize Log Insight in the ROBO.

Procedure

  1. Log in to the vRealize Log Insight user interface.
    1. Open a Web browser and go to https://nyc01vrli01-cluster01.rainpole.local.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      admin

      Password

      vrli_admin_password

  2. In the vRealize Log Insight UI, click the configuration drop-down menu icon  and select Administration.
  3. Under Configuration, click SSL.
  4. On the SSL Configuration page, next to New Certificate File (PEM format) click Choose File, browse to the location of the vrli.nyc01.2.chain.pem file on your computer, and click Save.

    The certificate is uploaded to vRealize Log Insight. 

  5. Import the certificate into the Java Keystore on each vRealize Log Insight node.
    1. Open an SSH session and go each of the vRealize Log Insight nodes.

      Name

      Role

      nyc01vrli01.rainpole.local

      Master node

      nyc01vrli02.rainpole.local

      Worker node 1

      nyc01vrli03.rainpole.local

      Worker node 2

    2. Log in using the following credentials.

      Setting

      Value

      User name

      root

      Password

      vrli_root_password

    3. Convert the on-disk vrli.nyc01.2.chain.pem file in to a vrli.nyc01.2.chain.crt file.
      openssl x509 -in /root/vrli.nyc01.2.chain.pem -inform PEM -out /root/vrli.nyc01.2.chain.crt
    4. Import the vrli.nyc01.2.chain.crt in to the Java keystore.
      cd /usr/java/default/lib/security/ 
      ../../bin/keytool -import -alias loginsight -file /root/vrli.nyc01.2.chain.crt -keystore cacerts
    5. When prompted for a keystore password, type changeit.
    6. When prompted to accept the certificate, type yes.
    7. Repeat this operation on all vRealize Log Insight nodes until complete.
  6. In a Web browser, go to https://nyc01vrli01-cluster01.rainpole.local.

    A warning message that the connection is not trusted appears.

  7. To review the certificate, click the padlock  icon in the address bar of the browser, and verify that the Subject Alternative Name contains the names of the vRealize Log Insight cluster nodes.
  8. Import the certificate in your Web browser.

    For example, in Google Chrome under the HTTPS/TLS settings click the Manage certificates button, and in the Certificates dialog box import vrli.nyc01.2.chain.pem.

     You can also use Certificate Manager on Windows or Keychain Access on MAC OS X.