How to replace a vIDM cluster load balancer certificate in NSX-T and update Aria Suite Lifecycle



Article ID: 315179


Updated On:

Products

VMware Aria Suite

Issue/Introduction

This article provides a high-level overview of the correct procedure for replacing the SSL certificate for a VMware Identity Manager (vIDM) cluster that is fronted by an NSX-T load balancer.

If the certificate is replaced on the NSX-T load balancer but the trust is not updated in Aria Suite Lifecycle, you may see errors during health checks or other Day 2 operations. A common error returned by Aria Suite Lifecycle is:

LCMVIDM71092

Failed to trust load balancer's certificate. Ensure load balancer has proper root certificate or provide the root certificate chain as retry param 'vidmLBRootCertificateChain' and try again...

Environment

VMware Identity Manager 3.3.x

Resolution

Note on SSL Configuration: This procedure assumes your load balancer is configured for SSL Termination, which is the recommended approach. If your load balancer uses SSL Passthrough, the certificate is served directly from the VMware Identity Manager nodes, and this procedure does not apply.

  1. Generate a New Certificate
    Request a new SSL certificate from your Certificate Authority (CA) or generate one within Aria Suite Lifecycle. It must meet the following requirements:
    • The Common Name (CN) must be the FQDN of the load balancer.
    • The Subject Alternative Name (SAN) field must include the FQDNs and IP addresses for all VMware Identity Manager nodes and the load balancer's virtual IP (VIP).
  2. Import Certificate to Lifecycle Locker
    If you used an external CA, import the new certificate and its full chain (Root, Intermediate) into the Aria Suite Lifecycle Locker.
  3. Add Certificate to NSX-T
    In the NSX-T Manager UI, navigate to System > Certificates and click Import > Certificates to import the new SSL certificate. (Note: ensure that you import the entire certificate chain, i.e. the Server/Leaf certificate, the Intermediate certificate(s) (if any) and the Root certificate.)
  4. Assign Certificate to the Virtual Server
    Navigate to Networking > Load Balancing > Virtual Servers (and, to confirm the result afterwards, Networking > Load Balancing > Monitor).
    • Find the virtual server for your VMware Identity Manager cluster, click Edit, then open SSL Configuration > Configure.
    • In the Server Certificate section, assign the new certificate for both Client SSL and Server SSL. Client SSL covers the connection from clients (and Aria Suite Lifecycle) to the VIP; Server SSL covers the connection from the load balancer to the VMware Identity Manager nodes.
  5. Update Trust in Aria Suite Lifecycle
    Navigate back to the Aria Suite Lifecycle UI. For the VMware Identity Manager environment, trigger the Re-Trust Load Balancer operation to import the new public certificate.
  6. Update Trust on Dependent Products
    For any other Aria products that are integrated with VMware Identity Manager (e.g., Aria Automation), trigger the Re-Trust Identity Manager action to ensure they trust the new certificate.

IMPORTANT: When importing the new SSL certificate to NSX-T in Step 3, you must provide the entire certificate chain (e.g., Server/Leaf, Intermediate (if any), and Root certificates). If only the server certificate is imported, the "Re-Trust" operation in Aria Suite Lifecycle will fail with the error shown in the Issue/Introduction section.
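Before triggering Re-Trust in Step 5, it is worth confirming from the command line that the virtual server really serves the full chain and that the leaf meets the Step 1 requirements. The script below is an added example written for this article; it is not VMware or NSX-T code. It checks a PEM chain for the three things the Re-Trust operation depends on (more than one certificate, a self-signed root at the end, and a leaf that verifies against the supplied issuers), plus the SAN entry for the load balancer FQDN. `fetch_lb_chain` captures what the VIP actually presents with `openssl s_client`; `make_test_pki` builds a constructed Root > Intermediate > Leaf chain so the checks can be run offline. All hostnames, IP addresses and file names are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the KB article): verify an NSX-T load balancer
# certificate chain before running Re-Trust Load Balancer in Aria Suite Lifecycle.
# Hostnames, IPs and paths below are assumptions for illustration.
set -u

# check_lb_chain CHAIN_PEM EXPECTED_FQDN
# Returns 0 when the chain is acceptable, 1 otherwise (reason printed).
check_lb_chain() {
  local chain="$1" fqdn="$2"
  local tmp; tmp=$(mktemp -d)
  # First certificate is the server/leaf; everything after it is intermediate(s) + root.
  awk '/BEGIN CERTIFICATE/{n++} n==1' "$chain" > "$tmp/leaf.pem"
  awk '/BEGIN CERTIFICATE/{n++} n>=2' "$chain" > "$tmp/issuers.pem"

  local count; count=$(grep -c 'BEGIN CERTIFICATE' "$chain" || true)
  if [ "$count" -lt 2 ]; then
    echo "FAIL: only $count certificate(s) present; a leaf on its own is not a chain"
    rm -rf "$tmp"; return 1
  fi

  # The last certificate must be self-signed, i.e. the root CA is included.
  awk -v want="$count" '/BEGIN CERTIFICATE/{n++} n==want' "$chain" > "$tmp/last.pem"
  local subj iss
  subj=$(openssl x509 -in "$tmp/last.pem" -noout -subject)
  iss=$(openssl x509 -in "$tmp/last.pem" -noout -issuer)
  if [ "${subj#subject=}" != "${iss#issuer=}" ]; then
    echo "FAIL: last certificate is not self-signed; root CA is missing from the chain"
    rm -rf "$tmp"; return 1
  fi

  # The leaf must build a path to that root using only the supplied issuers.
  if ! openssl verify -CAfile "$tmp/issuers.pem" "$tmp/leaf.pem" >/dev/null 2>&1; then
    echo "FAIL: leaf does not verify against the supplied intermediate/root certificates"
    rm -rf "$tmp"; return 1
  fi

  # Step 1 requirement: SAN must carry the load balancer FQDN.
  if ! openssl x509 -in "$tmp/leaf.pem" -noout -text \
       | grep -A1 'Subject Alternative Name' | grep -q "DNS:$fqdn"; then
    echo "FAIL: subjectAltName does not contain DNS:$fqdn"
    rm -rf "$tmp"; return 1
  fi

  rm -rf "$tmp"
  echo "OK: $count certificates, root present, chain verifies, SAN includes $fqdn"
  return 0
}

# fetch_lb_chain VIP FQDN OUT_PEM: capture the chain the virtual server actually serves
# (SSL termination case), so it can be passed to check_lb_chain.
fetch_lb_chain() {
  openssl s_client -connect "$1:443" -servername "$2" -showcerts </dev/null 2>/dev/null \
    | awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' > "$3"
}

# make_test_pki DIR FQDN: constructed Root > Intermediate > Leaf for offline demonstration.
# Produces full-chain.pem (correct), no-root.pem and leaf-only.pem (the failure cases).
make_test_pki() {
  local d="$1" fqdn="$2"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Test Root" \
    -keyout "$d/root.key" -out "$d/root.pem" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Test Intermediate" \
    -keyout "$d/int.key" -out "$d/int.csr" >/dev/null 2>&1
  printf 'basicConstraints=critical,CA:true\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/int.ext"
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -days 2 -extfile "$d/int.ext" -out "$d/int.pem" >/dev/null 2>&1
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$fqdn" \
    -keyout "$d/leaf.key" -out "$d/leaf.csr" >/dev/null 2>&1
  # SAN as required by Step 1: LB FQDN plus (assumed) node FQDN and IP.
  printf 'subjectAltName=DNS:%s,DNS:vidm-node1.example.com,IP:10.0.0.10\n' "$fqdn" > "$d/leaf.ext"
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -CAcreateserial \
    -days 2 -extfile "$d/leaf.ext" -out "$d/leaf.pem" >/dev/null 2>&1
  cat "$d/leaf.pem" "$d/int.pem" "$d/root.pem" > "$d/full-chain.pem"
  cat "$d/leaf.pem" "$d/int.pem" > "$d/no-root.pem"
  cp "$d/leaf.pem" "$d/leaf-only.pem"
}
```

Against a live environment, run `fetch_lb_chain 10.0.0.5 vidm-lb.example.com served.pem && check_lb_chain served.pem vidm-lb.example.com` (VIP and FQDN are placeholders). A "root CA is missing" result from the served chain is exactly the condition that produces LCMVIDM71092 after Re-Trust; fix the NSX-T certificate import (Step 3) rather than retrying in Aria Suite Lifecycle.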