To prepare the vRealize Appliance for use, a system administrator configures the host settings, generates an SSL certificate, and provides SSO connection information.

About this task


You must use vsphere.local as the name of the default tenant. If you are using vCenter PSC version 6.0 for SSO, and have given the default tenant a different name, rename the tenant to vsphere.local.


  1. Navigate to the vRealize Appliance management console by using its fully qualified domain name,
  2. Continue past the certificate warning.
  3. Log in with user name root and the password you specified when you deployed vRealize Appliance.
  4. Select vRA Settings > Host Settings.



    Resolve Automatically

    Select Resolve Automatically to specify the name of the current host for the vRealize Appliance.

    Update Host

    For new hosts, select Update Host. Enter the fully qualified domain name of the vRealize Appliance,, in the Host Name text box.

    For distributed deployments that use load balancers, select Update Host. Enter the fully qualified domain name for the load balancer server,, in the Host Name text box.


    Configure SSO settings as described later in this procedure whenever you use Update Host to change a host name.

  5. Select the certificate type from the Certificate Action menu.

    If you are using a PEM-encoded certificate, for example for a distributed environment, select Import.

    Certificates that you import must be trusted and must also be applicable to all instances of vRealize Appliance and any load balancer through the use of Subject Alternative Name (SAN) certificates.


    If you use certificate chains, specify the certificates in the following order:

    • Client/server certificate signed by the intermediate CA certificate

    • One or more intermediate certificates

    • A root CA certificate




    1. Copy the certificate values from BEGIN PRIVATE KEY to END PRIVATE KEY, including the header and footer, and paste them in the RSA Private Key text box.

    2. Copy the certificate values from BEGIN CERTIFICATE to END CERTIFICATE, including the header and footer, and paste them in the Certificate Chain text box. For multiple certificate values, include a BEGIN CERTIFICATE header and END CERTIFICATE footer for each certificate.

    3. (Optional) If your certificate uses a pass phrase to encrypt the certificate key, copy the pass phrase and paste it in the Passphrase text box.

    Generate Certificate

    1. Type a common name for the self-signed certificate in the Common Name text box. You can use the fully qualified domain name of the virtual appliance ( or a wild card, such as * If you use a load balancer, you need to specify the FQDN of the load balancer or a wildcard that matches the name of the load balancer. If the name is the same as the host name for the virtual appliance, you can leave the text box empty. Do not accept a default value if one is shown, unless it matches the host name of the virtual appliance.

    2. Type your organization name, such as your company name, in the Organization text box.

    3. Type your organizational unit, such as your department name or location, in the Organizational Unit text box.

    4. Type a two-letter ISO 3166 country code, such as US, in the Country text box.

    Keep Existing

    Leave the current SSL configuration. Select this option to cancel your changes.

  6. Click Save Settings to save host information and SSL configuration.
  7. If required by your network or load balancer, copy the imported or newly created certificate to the virtual appliance load balancer.

    You might need to enable root SSH access in order to export the certificate.

    1. If not already logged in, log in to the Virtual Appliance Management Console as root.
    2. Click the Admin tab.
    3. Click the Admin sub menu.
    4. Select the SSH service enabled check box.

      Deselect the check box to disable SSH when finished.

    5. Select the Administrator SSH login check box.

      Deselect the check box to disable SSH when finished.

    6. Click Save Settings.
  8. Configure the SSO settings.
  9. Click Services.

    All services must be running before you can install a license or log in to the console. They usually start in about 10 minutes.


    You can also log in to the appliance and run tail -f /var/log/vcac/catalina.out to monitor service startup.

  10. Configure the license to enable the Infrastructure tab on the vRealize Automation console.
    1. Click vRA Settings > Licensing.
    2. Click Licensing.
    3. Enter a valid vRealize Automation license key that you downloaded when you downloaded the installation files, and click Submit Key.

    If you experience a connection error, you might have a problem with the load balancer. Check network connectivity to the load balancer.

  11. Click Messaging. The configuration settings and status of messaging for your appliance is displayed. Do not change these settings.
  12. Click the Telemetry tab.

    This product participates in VMware's Customer Experience Improvement Program (CEIP). Details regarding the data collected through CEIP and the purposes for which it is used by VMware are set forth at the Trust & Assurance Center at

    • Select Join the VMware Customer Experience Improvement Program to participate in the program.

    • Deselect Join the VMware Customer Experience Improvement Program to not participate in the program.

  13. Click Save Settings.
  14. Confirm that you can log into vRealize Automation console.
    1. Open a browser and navigate to

      If you are using a load balancer, the host name must be the fully qualified domain name of the load balancer.

    2. If prompted, continue past the certificate warnings.
    3. Log in with administrator@vsphere.local and the password you specified when configuring SSO.

      The console opens to the Tenants page on the Administration tab. A single tenant named vsphere.local appears in the list.