To establish a trusted connection to the Skyline Collector instance in Region B, you replace the SSL certificate on the virtual appliance management interface (VAMI) with a custom certificate signed by a certificate authority that is available on the parent Active Directory or on the intermediate Active Directory.

Procedure

  1. On the Windows machine that you use to generate certificates, in the C:\CertGenVVD-version\SignedByMSCACerts folder, duplicate the files generated by using the VMware Validated Design Certificate Generation Utility under new file names.
    File Type Original File Name New File Name
    Certificate lax01sky01.2.chain.pem nginx-selfsigned.crt
    Key lax01sky01-orig.key nginx-selfsigned.key
  2. Log in to the Skyline Collector virtual appliance by using a Secure Shell (SSH) client.
    1. Open an SSH connection to lax01sky01.lax01.rainpole.local.
    2. Log in using the following credentials.
      Setting Value
      User name root
      Password skyline_root_password
  3. By using SCP software such as WinSCP, copy and overwrite the existing nginx-selfsigned.crt and nginx-selfsigned.key files in the /usr/local/skyline/ui/ directory on the appliance with the generated certificate authority signed certificate files.
  4. To update the certificate on the VAMI, restart the services of the Nginx and VAMI servers .
    1. Restart the Nginx and VAMI services by running the following commands.
      systemctl restart nginx
      
      /etc/init.d/vami-lighttp restart
    2. Check the status of the Nginx services by running the following command.
      systemctl status nginx
  5. After you restart the services, verify that the certificate is updated on the VAMI.
    1. Close any opened Web browser windows.
    2. Open a Web browser window, and go to https://lax01sky01.lax01.rainpole.local:5480.
    3. Verify that you see the new certificate in the Web browser.