The internal certificates for vRealize Operations expire five years after its initial installation. Upgrade your internal certificates for vRealize Operations 6.3 and later versions using the certificate renewal PAK file. After logging in, if you see a message like, "vRealize Operations Manager internal certificates will expire on mm/dd/yyyy. Please install a new certificate before the expiry date. For more details, see KB 71018." in the Quick Start page, you must upgrade your internal certificates for vRealize Operations using the certificate renewal PAK file from the vRealize Operations Administrator interface.
Prerequisites
- Obtain the PAK file for your cluster. See Obtain the Software Update PAK File for details.
Note: The certificate renewal PAK is a standalone tool used only for the vRealize Operations internal certificate renew.
- Bring your cluster offline before installing the PAK file to upgrade your internal certificates.
Note: If your internal certificates have already expired, install the vRealize_Operations_Manager_Enterprise_Certificate_Renewal_PAK manually. For more information, see the following KB article 71018.
- Verify if the internal certificates need to be updated. Starting with version 8.6 of vRealize Operations, internal certificates are renewed when you upgrade a cluster, except when the cloud proxy version 8.4, 8.5, or earlier is present. Automatic certificate renewal will be available when cloud proxy is version 8.6 and is upgraded to higher versions. After each product upgrade, the cluster will have a new root-CA certificate with a 5-year validity period.
Note: Automatic certificate renewal does not affect custom certificates.