The system administrator can replace a self-signed certificate with one from a certificate authority. The same certificate can be used on multiple machines.

About this task

The labels for the private key and certificate chain headers and footers depend on the certificate authority in use. Information here is based on headers and footers for a certificate generated by openssl.


  1. Navigate to the Identity Appliance management console by using its fully qualified domain name,
  2. Log in with user name root and the password you specified when you deployed the Identity Appliance.
  3. Click the SSO tab.

    The red text is a prompt, not an error message.

  4. Select the certificate type from the Choose Action menu.

    If you are using a PEM-encoded certificate, for example for a distributed environment, select Import PEM Encoded Certificate.

    Certificates that you import must be trusted and must also be applicable to all instances of vRealize Appliance and any load balancer by using Subject Alternative Name (SAN) certificates.


    If you use certificate chains, specify the certificates in the following order:

    • The client/server certificate signed by the intermediate CA certificate

    • One or more intermediate certificates

    • A root CA certificate



    Import PEM Encoded Certificate

    1. Copy the certificate values from BEGIN PRIVATE KEY to END PRIVATE KEY, including the header and footer, and paste them in the RSA Private Key text box.

    2. Copy the certificate values from BEGIN CERTIFICATE to END CERTIFICATE, including the header and footer, and paste them in the Certificate Chain text box.

    3. (Optional) If your certificate uses a pass phrase to encrypt the certificate key, copy the pass phrase and paste it in the Pass Phrase text box.

    Generate Self-Signed Certificate

    1. Type a common name for the self-signed certificate in the Common Name text box. You can use the fully qualified domain name of the virtual appliance ( or a wild card, such as *

    2. Type your organization name, such as your company name, in the Organization text box.

    3. Type your organizational unit, such as your department name or location, in the Organizational Unit text box.

    4. Type a two-letter ISO 3166 country code, such as US, in the Country text box.

    Keep Existing

    Leave the current SSL configuration. Select this option to cancel your changes.

  5. Click Apply Settings.


The certificate is updated.