A self-signed certificate is generated when you first install the vRealize Operations for Published Applications adapter. The desktop message server and the broker message server use this certificate by default to authenticate to the agents. You can replace the self-signed certificate with a certificate that is signed by a valid certificate authority.

Prerequisites

Procedure

  1. Log in to the node where the vRealize Operations for Published Applications adapter is running.
  2. Navigate to the vRealize Operations for Published Applications adapter's work directory.

    Platform

    Directory Location

    Linux

    /usr/lib/vmware-vcops/user/plugins/inbound/V4PA_adapter3/work

    Windows

    C:\vmware\vcenteroperations\user\plugins\inbound\V4PA_adapter3\work

  3. Use the keytool utility with the -selfcert option to generate a new self-signed certificate for the vRealize Operations for Published Applications adapter.

    Because the default self-signed certificate is issued to VMware, you must generate a new self-signed certificate before you can request a signed certificate. The signed certificate must be issued to your organization.

    For example:

    keytool –selfcert –alias v4pa-adapter –dname dn-of-org –keystore v4pa-adapter.jks

    dn-of-org is the distinguished name of the organization to which the certificate is issued, for example, "OU=Management Platform, O=VMware, Inc., C=US".

    By default, the certificate signature uses the SHA1withRSA algorithm. You can override this default by specifying the name of the algorithm with the -sigalg option.

  4. Use the keytool utility with the -certreq option from the adapter work directory to generate a certificate signing request.

    A certificate signing request is required to request a certificate from a certificate signing authority.

    For example:

    keytool –certreq –alias v4pa-adapter –file certificate-request-file -keystore v4pa-adapter.jks

    certificate-request-file is the name of the file that will contain the certificate signing request.

  5. Upload the certificate signing request to a certificate authority and request a signed certificate.

    If the certificate authority requests a password for the certificate private key, use the password configured for the certificate store.

    The certificate authority returns a signed certificate.

  6. To import the certificate, copy the certificate file to the vRealize Operations for Published Applications adapter work directory and run the keytool utility with the –import option.

    For example:

    keytool –import –alias v4pa-adapter –file certificate-filename -keystore v4pa-adapter.jks

    certificate-filename is the name of the certificate file from the certificate authority.

    When the keytool utility is finished, the signed certificate is imported to the adapter certificate store.

  7. To start using the new certificate, restart the vRealize Operations for Published Applications adapter on the node where the adapter is running.

    Platform

    Action

    Linux

    Run the service vmware-vcops restart command.

    Windows

    Use the Windows Services tool (services.msc) to restart the vRealize Operations for Published Applications Adapter service.

What to do next

After you restart the vRealize Operations for Published Applications adapter, you must pair any broker agents that are attached to the vRealize Operations for Published Applications adapter. See Certificate Pairing.