As a system administrator, you need to update all of your vRealize Automation certificates because they have expired or are no longer appropriate for your deployment.

About this task

You must update certificates and appropriate trust relationships for all vRealize Automation system components in the specified order.

After updating certificates, if you encounter problems with trust relationships between vRealize Automation components, see the following Knowledge Base article: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2110207

Prerequisites

  • Obtain the appropriate valid, fresh certificates for your vRealize Automation deployment, if applicable.

  • If you are using signed certificates, verify that the certificate root CA, intermediate CA, and CRL servers are all reachable by all vRealize Automation components.
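
One way to check these prerequisites before starting the procedure. This is an added example, not VMware tooling: it assumes OpenSSL 1.1.1 or later on the machine where you stage the certificates, and the host name, CRL URL and file names are constructed.

```shell
#!/bin/sh
# Added example: pre-flight checks for a replacement certificate.
# Host names, URLs and file names below are constructed.

# Succeeds if certificate $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeeds if certificate $1 chains to the CA bundle $2 (root plus intermediates).
cert_chains_to() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Prints the CRL distribution point URLs that every component must be able to reach.
crl_urls() {
    openssl x509 -in "$1" -noout -ext crlDistributionPoints 2>/dev/null |
        sed -n 's/^ *URI:\([^ ]*\).*/\1/p'
}

# Runs all checks; returns non-zero if the certificate should not be deployed.
preflight() {  # usage: preflight CERT CA_BUNDLE MIN_DAYS
    rc=0
    cert_valid_for "$1" "$3" || { echo "FAIL: expires within $3 days"; rc=1; }
    cert_chains_to "$1" "$2" || { echo "FAIL: does not chain to $2"; rc=1; }
    urls=$(crl_urls "$1")
    [ -n "$urls" ] && echo "CRL endpoints to test from each node: $urls"
    return "$rc"
}

# Constructed sample: a 30-day self-signed certificate standing in for a real one.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SAMPLE="$WORK/sample.pem"
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=vra-va.example.test" \
    -addext "crlDistributionPoints=URI:http://crl.example.test/ca.crl" \
    -keyout "$WORK/sample.key" -out "$SAMPLE" 2>/dev/null

# The sample is self-signed, so it serves as its own CA bundle here.
preflight "$SAMPLE" "$SAMPLE" 7 && echo "OK: safe to deploy"
```

For a real deployment, pass the issued certificate and the CA bundle from your CA, then request each printed CRL URL from every vRealize Automation node.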

Procedure

  1. Back up all vRealize Automation appliances and related databases.
  2. Replace the Identity Appliance certificate.
  3. Update the Identity Appliance trust relationship.
  4. Replace the vRealize Appliance certificate on all appliances.
  5. Update SSO registration for all instances of the vRealize Appliance.
  6. Replace the certificates on all IIS components running on Infrastructure Web Servers.
  7. Update the trust relationship with Model Manager Data artifacts on Infrastructure Web Servers.
  8. Update the certificates of Infrastructure components on the Infrastructure Web Server with Model Manager Data artifacts to establish trust between the appliances and the infrastructure.
  9. If the Manager Service resides on a separate tier from the Web Server, ensure that the Web Server tier certificate is trusted on all Infrastructure nodes.
  10. Update the Manager Service certificate.
  11. Verify that all Infrastructure nodes trust the certificate on the Manager Service.
  12. Update the vRealize Orchestrator plugins to trust the Infrastructure Web Appliance and SSO certificates.
  13. Update all templates to trust the Manager Service certificates.

    In the case of a combined deployment, this would be the Web/Manager Service.