You can generate a new certificate for products that are deployed in vRealize Suite Lifecycle Manager.

Note: For migration from vRealize Suite Lifecycle Manager 1.3 and earlier, the global certificate will not be migrated to locker automatically. However, you can add the older certificate manually in Locker, if required. This populates the older certificate data from the environment's Infrastructure properties.

Prerequisites

  • Certificates that are about to expire in less than 15 days cannot be imported.
  • To manage the certificate for an imported environment, add the certificate in the vRealize Suite Lifecycle Manager and perform inventory sync so that the certificate is mapped to the imported environment, after which replace certificate and scale-out wizards will be aware of the existing certificate.

Procedure

  1. To add a certificate, navigate to Lifecycle Manager > Locker.
  2. You can either select Generate Certificate or Import Certificate.
    Option Description
    Generate
    1. Enter the required text boxes.
    2. Select the length of the Key.
    3. Enter the valid Server Domain/Hostname. You can also include the Wildcard certificate. For example, you can enter *.sql.local.
    4. Enter the FQDN or IP Address.
    5. Click Generate.
    Import Certificate
    1. Enter a valid certificate name.
    2. In the Passphrase text box, type <Cert-Password> (if applicable).
    3. Click Browse File and browse to the saved PEM file.
    4. When you upload a PEM file, the private key and certificate chain details are populated automatically.
    5. Enter the private key and certificate chain details manually.
    6. Click Import.
    The requirements for PEM file are:
    • Both certificate chain and key must be in the same file.
    • The PEM file that are imported can have 2048 bits key or 4096 bits key.
    • If the PEM file certificate is encrypted then the passphrase must be provided while importing the certificate into vRealize Suite Lifecycle Manager.
    Generate CSR
    1. Enter the required text boxes.
    2. Select the length of the key.
    3. Enter a valid domain name. You can also include the Wildcard certificate. For example, you can enter *.sql.local.
    4. Enter the IP address in which you are assigning the certificate.
    Note: Generate CSR downloads a PEM file. This file can be taken to the certificate authority for signing and can be made as a trusted certificate. The pem file downloaded will have the private kay and certificate request chain. You must be cautious and share only the CSR part of the pem file but not the key for the certificate signing.
  3. Click Generate.
  4. You can click the certificate from the inventory to view the details and its associated environments with their products.
  5. To download or replace the certificate, click the vertical ellipses on the certificate.

Results

vRealize Suite Lifecycle Manager generates a new certificate for the specific domain provided by the user.