When the VMware Identity Manager service is installed, a default SSL server certificate is generated. You can use this self-signed certificate for testing purposes. However, VMware strongly recommends that you use SSL certificates signed by a public Certificate Authority (CA) for your production environment.

Note: If a load balancer in front of VMware Identity Manager terminates SSL, the SSL certificate is applied to the load balancer.

Prerequisites

  • Generate a Certificate Signing Request (CSR) and obtain a valid, signed SSL certificate from a CA. The certificate must be in the PEM format.
  • For the Common Name part of the Subject DN, use the fully-qualified domain name that users use to access the VMware Identity Manager service. If the VMware Identity Manager appliance is behind a load balancer, this is the load balancer server name.
  • If SSL is not terminated on the load balancer, the SSL certificate used by the service must include Subject Alternative Names (SANs) for each of the fully qualified domain names in the VMware Identity Manager cluster so that nodes within the cluster can make requests to each other. Also include a SAN for the FQDN host name that users use to access the VMware Identity Manager service, in addition to using it for the Common Name, because some browsers require it.

Procedure

  1. In the VMware Identity Manager console, click the Appliance Settings tab.
  2. Click Manage Configuration and enter the admin user password.
  3. Select Install SSL Certificates > Server Certificate.
  4. In the SSL Certificate field, select Custom Certificate.
  5. In the SSL Certificate Chain text box, paste the server, intermediate, and root certificates, in that order.
    You must include the entire certificate chain in the correct order. For each certificate, copy everything between and including the lines -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
  6. In the Private Key text box, paste the private key. Copy everything between -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----.
  7. Click Add.

Example: Certificate Examples

Certificate Chain Example
-----BEGIN CERTIFICATE-----

jlQvt9WdR9Vpg3WQT5+C3HU17bUOwvhp/r0+

...

W53+O05j5xsxzDJfWr1lqBlFF/OkIYCPcyK1

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----

WdR9Vpg3WQT5+C3HU17bUOwvhp/rjlQvt90+

...

O05j5xsxzDJfWr1lqBlFF/OkIYCPW53+cyK1

-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----

dR9Vpg3WQTjlQvt9W5+C3HU17bUOwvhp/r0+

...

5j5xsxzDJfWr1lqW53+O0BlFF/OkIYCPcyK1

-----END CERTIFICATE-----

Private Key Example
-----BEGIN RSA PRIVATE KEY-----

jlQvtg3WQT5+C3HU17bU9WdR9VpOwvhp/r0+

...

1lqBlFFW53+O05j5xsxzDJfWr/OkIYCPcyK1

-----END RSA PRIVATE KEY-----
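
Before pasting in step 5, the chain text can be checked locally for the two mistakes that step warns about: damaged BEGIN/END lines and certificates in the wrong order. The following Python script is an added example, not part of the VMware documentation; its function names are illustrative, it compares issuer and subject names only (it does not verify signatures), and it assumes the last certificate is a self-signed root.

```python
import base64, re, sys

PEM = re.compile(r"-----BEGIN ([A-Z ]+)-----([A-Za-z0-9+/=\s]*?)-----END \1-----")

def pem_blocks(text):
    """Return [(label, der_bytes)] for each well-formed PEM block in text."""
    return [(label, base64.b64decode("".join(body.split()), validate=True))
            for label, body in PEM.findall(text)]

def _tlv(buf, pos):  # read one DER element -> (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of an X.509 certificate."""
    _, pos, _ = _tlv(der, _tlv(der, 0)[1])  # enter Certificate, then tbsCertificate
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:  # optional explicit [0] version field
        pos = end
    fields = []
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        start = pos
        _, _, pos = _tlv(der, pos)
        fields.append(der[start:pos])
    return fields[2], fields[4]

def check_chain(text):
    """Return problems found in text meant for the SSL Certificate Chain box."""
    try:
        blocks = pem_blocks(text)
        names = [issuer_subject(d) for lbl, d in blocks if lbl == "CERTIFICATE"]
    except (ValueError, IndexError):
        return ["a block is truncated or is not valid base64/DER"]
    problems = []
    if len(re.findall(r"-+BEGIN", text)) != len(blocks):
        problems.append("malformed BEGIN/END marker (five dashes on each side)")
    if len(names) != len(blocks):
        problems.append("non-certificate block (such as a private key) in chain")
    for i in range(len(names) - 1):  # each issuer must equal the next subject
        if names[i][0] != names[i + 1][1]:
            problems.append(f"certificate {i + 1} is not issued by certificate {i + 2}")
    if names and names[-1][0] != names[-1][1]:
        problems.append("last certificate is not a self-signed root")
    return problems

if __name__ == "__main__":  # usage: python check_chain.py chain.pem (a local file)
    print("\n".join(check_chain(open(sys.argv[1]).read())) or "chain looks consistent")
```

An empty result means the markers are intact and the names chain from server to root; it says nothing about signature validity, expiry, or whether the private key matches the server certificate.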