When Directories Management is installed, a default SSL certificate is generated. You can use the default certificate for testing purposes, but you should generate and install commercial SSL certificates for production environments.

About this task

Note:

If the Directories Management points to a load balancer, the SSL certificate is applied to the load balancer.

Prerequisites

Generate a Certificate Signing Request (CSR) and obtain a valid, signed certificate from a CA. If your organization provides SSL certificates that are signed by a CA, you can use these certificates. The certificate must be in the PEM format.

Procedure

  1. Log in to the connector appliance administrative page as an admin user at the following location:

    https://myconnector.mycompany:8443/cfg

  2. In the administrator console, click Appliance Settings.

    VA Configuration is selected by default.

  3. Click Manage Configurations.
  4. Enter the VMware Identify Manager server admin user password.
  5. Select Install Certificate.
  6. In the Terminate SSL on the Identity Manager Appliance tab, select Custom Certificate.
  7. In the SSL Certificate Chain text box, paste the host, intermediate, and root certificates, in that order.

    The SSL certificate works only if you include the entire certificate chain in the correct order. For each certificate, copy everything between and including the lines -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----

    Ensure that the certificate includes the FQDN hostname.

  8. Paste the private key in the Private Key text box. Copy everything between ----BEGIN RSA PRIVATE KEY and ---END RSA PRIVATE KEY.
  9. Click Save.

Certificate Examples

Certificate Chain Example

-----BEGIN CERTIFICATE-----

jlQvt9WdR9Vpg3WQT5+C3HU17bUOwvhp/r0+

...

...

...

W53+O05j5xsxzDJfWr1lqBlFF/OkIYCPcyK1

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

WdR9Vpg3WQT5+C3HU17bUOwvhp/rjlQvt90+

...

...

...

O05j5xsxzDJfWr1lqBlFF/OkIYCPW53+cyK1

-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----

dR9Vpg3WQTjlQvt9W5+C3HU17bUOwvhp/r0+

...

...

...

5j5xsxzDJfWr1lqW53+O0BlFF/OkIYCPcyK1

-----END CERTIFICATE-----

Private Key Example

-----BEGIN RSA PRIVATE KEY-----

jlQvtg3WQT5+C3HU17bU9WdR9VpOwvhp/r0+

...

...

...

1lqBlFFW53+O05j5xsxzDJfWr/OkIYCPcyK1

-----END RSA PRIVATE KEY-----