After deployment, you can replace the vRealize Business for Cloud SSL certificate. You can change from a self-signed certificate to a certificate signed by a certificate authority (CA). You can import the certificate private key and the certificate issued by a CA.

Prerequisites

To be able to restore the old key store, back up the existing key store from /usr/local/tcserver/vfabric-tc-server-standard/sharedconf/ssl.keystore.

Procedure

  1. Log in to the vRealize Business for Cloud Web console, https://vRealize_Business_for_Cloud_IP_address:5480.
  2. Unregister vRealize Business for Cloud from vRealize Automation or VMware Identity Manager.
  3. On the Administration tab, select SSL.
  4. Select the certificate type from the Choose Mode menu. If you are using a PEM encoded certificate, select Import PEM encoded certificate.
    Note: Using a self-signed certificate is not recommended for production environments.
    Option: Generate a self-signed certificate
    Action:
    1. Type a common name for the certificate in the Common Name text box. You can use the fully qualified domain name of the virtual appliance (hostname.domain.name) or a wildcard, such as *.mycompany.com. Do not accept a default value, unless it matches the host name of the virtual appliance.
    2. Type your organization name, such as your company name, in the Organization text box.
    3. Type your organizational unit, such as your department name or location, in the Organizational Unit text box.
    4. Type a two-letter ISO 3166 country code, such as US, in the Country Code text box.
    Option: Import PEM encoded certificate
    Action:
    To import the certificate, verify that your certificate matches the following requirements:
    • Keysize: 2048
    • Algorithm: RSA
    • The distinguished name provided in the certificate must be reachable over the network.
    1. Copy the certificate values from BEGIN PRIVATE KEY to END PRIVATE KEY, including the header and footer, and paste them in the RSA Private Key text box.
    2. Copy the certificate values from BEGIN CERTIFICATE to END CERTIFICATE, including the header and footer, and paste them in the Certificate(s) (.pem) text box.
    3. (Optional) If your certificate has a private key pass phrase, which encrypts the private key of the certificate that you are importing, copy and paste it in the respective text box.
  5. Click Replace Certificate.
  6. Re-register vRealize Business for Cloud with vRealize Automation or VMware Identity Manager.
    Note: If you are using VMware Identity Manager, you must restart the data collection services manually by running the monit start itbm-data-collector command.
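
The following script is an added example, not part of the product or its documentation. It checks a PEM key and certificate against the RSA and 2048-bit requirements listed in step 4, and also confirms that the private key belongs to the certificate, before you paste them into the SSL page. It assumes the openssl command is available on your workstation; the function names and the KEY_PASSPHRASE variable are hypothetical.

```shell
#!/bin/sh
# Added example: pre-import check for a PEM private key and certificate.
# KEY_PASSPHRASE is an assumed variable name for an optional key pass phrase;
# it is passed through the environment so it never appears in the process list.

cert_algorithm() {   # prints the public key algorithm, e.g. rsaEncryption
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Public Key Algorithm: *//p'
}

cert_key_bits() {    # prints the public key size in bits, e.g. 2048
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Usage: check_pem_pair KEY_FILE CERT_FILE
# Returns 0 ok, 1 unreadable input, 2 not RSA, 3 not 2048 bits, 4 key mismatch.
check_pem_pair() {
    key_file=$1
    cert_file=$2
    # Public key as stated in the certificate.
    cert_pub=$(openssl x509 -in "$cert_file" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse certificate: $cert_file" >&2; return 1; }
    # Public key derived from the private key (decrypted if a pass phrase is set).
    key_pub=$(KEY_PASSPHRASE="${KEY_PASSPHRASE-}" openssl pkey -in "$key_file" \
        -pubout -passin env:KEY_PASSPHRASE 2>/dev/null) ||
        { echo "cannot read private key: $key_file" >&2; return 1; }
    [ "$(cert_algorithm "$cert_file")" = "rsaEncryption" ] ||
        { echo "certificate key algorithm is not RSA" >&2; return 2; }
    [ "$(cert_key_bits "$cert_file")" = "2048" ] ||
        { echo "certificate key size is not 2048 bits" >&2; return 3; }
    [ "$key_pub" = "$cert_pub" ] ||
        { echo "private key does not match the certificate" >&2; return 4; }
    echo "OK: RSA 2048 key matches certificate"
}

# Run the check when called as: sh check_pem.sh KEY_FILE CERT_FILE
if [ "$#" -eq 2 ]; then
    check_pem_pair "$1" "$2"
fi
```

A nonzero exit status identifies which check failed, so the script can gate a change procedure before step 5.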