The vRealize Appliance uses lighttpd to run its own management site. You can replace the SSL certificate of the management site service if your certificate expires or if you are using a self-signed certificate and your company security policy requires you to use its SSL certificates. You secure the management site service on port 5480.

About this task

You can choose to install a new certificate or reuse the certificate used byvCloud Automation Center service on port 443.

When you request a new certificate to update another CA-issued certificate, it is a best practice to reuse the Common Name from the existing certificate.

Prerequisites

  • New certificates must be in PEM format and the private key cannot be encrypted. By default, the vRealize Appliance management site SSL certificate and private key are stored in a PEM file located at /opt/vmware/etc/lighttpd/server.pem.

    See Extracting Certificates and Private Keys if you require information about exporting a certificate and private key from a Java keystore to a PEM file.

Procedure

  1. Login through the appliance console or through SSH.
  2. Back up your current certificate file.
    cp /opt/vmware/etc/lighttpd/server.pem /opt/vmware/etc/lighttpd/server.pem-bak
  3. Copy the new certificate to your appliance by replacing the content of the file /opt/vmware/etc/lighttpd/server.pem with the new certificate information.
  4. Run the following command to restart the lighttpd server.

    service vami-lighttp restart

  5. Login to the management console and validate that the certificate is replaced. You might need to restart your browser.

Results

The new vRealize Appliance management site certificate is installed.

What to do next

Update all Manangement Agents to recognize the new certificate.

For distributed deployments, you can update Management Agents manually or automatically. For minimal installations, you must update agents manually.

For information about automatic update, see Automatically Update Management Agents in a Distributed Environment to Recognize a vRealize Appliance Management Site Certificate. For information about manual update, see Manually Update Management Agents to Recognize a vRealize Appliance Management Site Certificate