A self-signed certificate is generated when you first install the vRealize Operations for Published Applications adapter. The desktop message server and the broker message server use this certificate by default to authenticate to the agents. You can replace the self-signed certificate with a certificate that is signed by a valid certificate authority.
Verify that you can connect to the node where the vRealize Operations for Published Applications adapter is running.
Verify that you have the password for certificate store. You can obtain the password from the msgserver.properties file. See vRealize Operations for Published Applications Adapter Certificate and Trust Store Files.
Become familiar with the Java keytool utility. Documentation is available at http://docs.oracle.com.
- Log in to the node where the vRealize Operations for Published Applications adapter is running.
- Navigate to the vRealize Operations for Published Applications adapter's work directory.
- Use the keytool utility with the -selfcert option to generate a new self-signed certificate for the vRealize Operations for Published Applications adapter.
Because the default self-signed certificate is issued to VMware, you must generate a new self-signed certificate before you can request a signed certificate. The signed certificate must be issued to your organization.
keytool –selfcert –alias v4pa-adapter –dname dn-of-org –keystore v4pa-adapter.jks
dn-of-org is the distinguished name of the organization to which the certificate is issued, for example, "OU=Management Platform, O=VMware, Inc., C=US".
By default, the certificate signature uses the SHA1withRSA algorithm. You can override this default by specifying the name of the algorithm with the -sigalg option.
- Use the keytool utility with the -certreq option from the adapter work directory to generate a certificate signing request.
A certificate signing request is required to request a certificate from a certificate signing authority.
keytool –certreq –alias v4pa-adapter –file certificate-request-file -keystore v4pa-adapter.jks
certificate-request-file is the name of the file that will contain the certificate signing request.
- Upload the certificate signing request to a certificate authority and request a signed certificate.
If the certificate authority requests a password for the certificate private key, use the password configured for the certificate store.
The certificate authority returns a signed certificate.
- To import the certificate, copy the certificate file to the vRealize Operations for Published Applications adapter work directory and run the keytool utility with the –import option.
keytool –import –alias v4pa-adapter –file certificate-filename -keystore v4pa-adapter.jks
certificate-filename is the name of the certificate file from the certificate authority.
When the keytool utility is finished, the signed certificate is imported to the adapter certificate store.
- To start using the new certificate, restart the vRealize Operations for Published Applications adapter on the node where the adapter is running.
Run the service vmware-vcops restart command.
Use the Windows Services tool (services.msc) to restart the vRealize Operations for Published Applications Adapter service.
What to do next
After you restart the vRealize Operations for Published Applications adapter, you must pair any broker agents that are attached to the vRealize Operations for Published Applications adapter. See Certificate Pairing.