vRealize Automation uses SSL certificates for secure communication among IaaS components and instances of the vRealize Automation appliance. The appliances and the Windows installation machines exchange these certificates to establish a trusted connection. You can obtain certificates from an internal or external certificate authority, or generate self-signed certificates during the deployment process for each component.

For important information about troubleshooting, support, and trust requirements for certificates, see VMware Knowledge Base article 2106583.

You can update or replace certificates after deployment. For example, a certificate may expire or you may choose to use self-signed certificates during your initial deployment, but then obtain certificates from a trusted authority before going live with your vRealize Automation implementation.

Table 1. Certificate Implementations


| Component | Minimal Deployment (non-production) | Distributed Deployment (production-ready) |
| --- | --- | --- |
| vRealize Automation Appliance | Generate a self-signed certificate during appliance configuration. | For each appliance cluster, you can use a certificate from an internal or external certificate authority. Multi-use and wildcard certificates are supported. |
| IaaS Components | During installation, accept the generated self-signed certificates or select certificate suppression. | Obtain a multi-use certificate, such as a Subject Alternative Name (SAN) certificate, from an internal or external certificate authority that your Web client trusts. |

Certificate Chains

If you use certificate chains, specify the certificates in the following order.

  • Client/server certificate signed by the intermediate CA certificate

  • One or more intermediate certificates

  • A root CA certificate

Include the BEGIN CERTIFICATE header and END CERTIFICATE footer for each certificate when you import certificates.
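
The ordering and header/footer rules above can be checked before a chain is imported. The following is an added example, not VMware code: it uses only the Python standard library to confirm that every certificate in a PEM bundle is issued by the one after it and that the last one is a self-signed root. The function names and the sample certificates (unsigned stand-ins with constructed names such as vra.example) are assumptions for illustration.

```python
import base64
import re

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_RE = re.compile(re.escape(BEGIN) + "(.*?)" + re.escape(END), re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        length, pos = int.from_bytes(buf[pos:pos + (length & 0x7F)], "big"), pos + (length & 0x7F)
    return tag, pos, pos + length

def issuer_subject(cert):
    """Return the raw DER issuer and subject Names of one DER certificate."""
    _, pos, _ = tlv(cert, 0)    # enter Certificate SEQUENCE
    _, pos, _ = tlv(cert, pos)  # enter tbsCertificate SEQUENCE
    fields = []                 # serial, sigAlg, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = tlv(cert, pos)
        if tag != 0xA0:         # skip the optional [0] version field
            fields.append(cert[pos:end])
        pos = end
    return fields[2], fields[4]

def chain_problems(pem_text):
    """Check a PEM bundle for the order leaf, intermediate(s), root (names only)."""
    bodies = PEM_RE.findall(pem_text)
    if pem_text.count(BEGIN) != len(bodies) or pem_text.count(END) != len(bodies):
        return ["missing BEGIN CERTIFICATE header or END CERTIFICATE footer"]
    names = [issuer_subject(base64.b64decode(b)) for b in bodies]
    problems = [f"certificate {i + 1} is not issued by certificate {i + 2}"
                for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]
    if names and names[-1][0] != names[-1][1]:
        problems.append("last certificate is not a self-signed root")
    return problems

def der(tag, content):  # short-form DER encoder, enough for the sample data below
    return bytes([tag, len(content)]) + content

def sample_cert(subject, issuer):
    """CONSTRUCTED unsigned stand-in that has the field layout of an X.509 cert."""
    name = lambda cn: der(0x30, der(0x0C, cn.encode()))
    tbs = (der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, b"")
           + name(issuer) + der(0x30, b"") + name(subject))
    return f"{BEGIN}\n{base64.encodebytes(der(0x30, der(0x30, tbs))).decode()}{END}\n"

SAMPLE_CHAIN = (sample_cert("vra.example", "Issuing CA")
                + sample_cert("Issuing CA", "Root CA") + sample_cert("Root CA", "Root CA"))
```

The check compares issuer and subject names byte for byte; it does not verify signatures or validity dates.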