Access to the vRealize Log Insight user interface and API requires an SSL connection. By default, vRealize Log Insight uses a self-signed certificate. To provide secure access to the vRealize Log Insight user interface, replace the default self-signed certificate with a CA-signed certificate.

Table 1. Design Decisions on Certificates for vRealize Log Insight

| Decision ID | Design Decision | Design Justification | Design Implication |
|---|---|---|---|
| SDDC-COM-CO-LOG-067 | Use a CA-signed certificate containing the vRealize Log Insight cluster node FQDNs, and the ILB FQDN in the SAN attributes, when deploying vRealize Log Insight in each region. | Configuring a CA-signed certificate ensures that the communication to the externally facing UI and API for vRealize Log Insight, and cross-product, is encrypted. | Using CA-signed certificates from a certificate authority might increase the deployment preparation time as certificate requests are generated and delivered. |
| SDDC-COM-CO-LOG-068 | Use a SHA-2 or higher algorithm when signing certificates. | The SHA-1 algorithm is considered less secure and has been deprecated. | Not all certificate authorities support SHA-2. |
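
One way to check a certificate against the two design decisions above with the openssl CLI. This is an added example, not VMware tooling: the function names are illustrative, the host names in the usage comment are constructed placeholders, and `make_sample_cert` assumes OpenSSL 1.1.1 or later for `-addext`.

```shell
# Added example: audit a PEM certificate for CA signing, SAN coverage and hash.

# Print the signature algorithm, e.g. sha256WithRSAEncryption.
sig_alg() {
  openssl x509 -in "$1" -noout -text | awk '/Signature Algorithm:/ {print $3; exit}'
}

# SDDC-COM-CO-LOG-068: accept only SHA-2 or SHA-3 based signatures.
is_sha2_or_higher() {
  case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
    *sha224*|*sha256*|*sha384*|*sha512*|*sha3-*) return 0 ;;
    *) return 1 ;;
  esac
}

# SDDC-COM-CO-LOG-067: print each required FQDN missing from the SAN DNS entries.
missing_sans() {
  cert=$1; shift
  sans=$(openssl x509 -in "$cert" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed -n 's/^ *DNS://p')
  for fqdn in "$@"; do
    printf '%s\n' "$sans" | grep -qixF -- "$fqdn" || printf '%s\n' "$fqdn"
  done
}

# A self-signed certificate has identical issuer and subject.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')" = \
    "$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')" ]
}

# Run all checks and return non-zero if any of them fails.
# Usage: audit_cert cert.pem li-node1.example.test li-ilb.example.test
audit_cert() {
  cert=$1; shift; rc=0
  if is_self_signed "$cert"; then echo "FAIL: self-signed"; rc=1; fi
  alg=$(sig_alg "$cert")
  is_sha2_or_higher "$alg" || { echo "FAIL: signature algorithm $alg"; rc=1; }
  for m in $(missing_sans "$cert" "$@"); do echo "FAIL: SAN lacks $m"; rc=1; done
  return $rc
}

# Constructed sample input: throwaway self-signed SHA-256 cert with the given SANs.
make_sample_cert() {
  out=$1; shift
  san=$(printf 'DNS:%s,' "$@"); san=${san%,}
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 -subj "/CN=$1" \
    -addext "subjectAltName=$san" -keyout /dev/null -out "$out" 2>/dev/null
}
```

Pass every cluster node FQDN and the ILB FQDN as arguments to `audit_cert`; a certificate that omits any of them, is self-signed, or carries a SHA-1 signature is reported.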