The system administrator can replace a self-signed certificate with a trusted one from a certificate authority. You can use Subject Alternative Name (SAN) certificates, wildcard certificates, or any other method of multi-use certification appropriate for your environment as long as you satisfy the trust requirements.

About this task

Procedure

  1. Navigate to the vRealize Appliance management console by using its fully qualified domain name, https://vra-va-hostname.domain.name:5480/.
  2. Log in with user name root and the password you specified when deploying the Identity Appliance.
  3. Navigate to vRA Settings > Host Settings.
  4. Go to the SSL Configuration pane.
  5. Select the certificate type from the Certificate Action menu.

    If you are using a PEM-encoded certificate, for example for a distributed environment, select Import.

    Certificates that you import must be trusted and must also be applicable to all instances of vRealize Appliance and any load balancer through the use of Subject Alternative Name (SAN) certificates.

    Note:

    If you use certificate chains, specify the certificates in the following order:

    • Client/server certificate signed by the intermediate CA certificate

    • One or more intermediate certificates

    • A root CA certificate

    Option

    Action

    Import

    1. Copy the certificate values from BEGIN PRIVATE KEY to END PRIVATE KEY, including the header and footer, and paste them in the RSA Private Key text box.

    2. Copy the certificate values from BEGIN CERTIFICATE to END CERTIFICATE, including the header and footer, and paste them in the Certificate Chain text box. For multiple certificate values, include a BEGIN CERTIFICATE header and END CERTIFICATE footer for each certificate.

    3. (Optional) If your certificate uses a pass phrase to encrypt the certificate key, copy the pass phrase and paste it in the Passphrase text box.

    Generate Certificate

    1. Type a common name for the self-signed certificate in the Common Name text box. You can use the fully qualified domain name of the virtual appliance (hostname.domain.name) or a wild card, such as *.mycompany.com. If you use a load balancer, you need to specify the FQDN of the load balancer or a wildcard that matches the name of the load balancer. If the name is the same as the host name for the virtual appliance, you can leave the text box empty. Do not accept a default value if one is shown, unless it matches the host name of the virtual appliance.

    2. Type your organization name, such as your company name, in the Organization text box.

    3. Type your organizational unit, such as your department name or location, in the Organizational Unit text box.

    4. Type a two-letter ISO 3166 country code, such as US, in the Country text box.

    Keep Existing

    Leave the current SSL configuration. Select this option to cancel your changes.

  6. Click Save Settings.

    After a few minutes, the certificate details appear on the page.

Results

The certificate is updated.