The certificate(s) can be added into a Cloud Proxy node by 2 methods:
Follow the appropriate method for your situation.
Add certificate(s) during Cloud Proxy deployment
During the Cloud Proxy OVA/OVF deployment, the Customize template menu allows you to paste the certificate content in the
Network Proxy Settings >
Custom CA field.
Notes:
- The lines below are mandatory and should not be cut from the CA:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
- A Certificate group can be used here instead of a single CA.
- This method is not applicable for new Cloud Proxy deployments when the Cloud Proxy connection endpoint is the VMware Aria Operations (SaaS) cluster. VMware Aria Operations (SaaS) certificate for new installations is passed via OTK key.
Add certificate(s) to Cloud Proxy after deployment
This method should also be used when the VMware Aria Operations (SaaS) web certificate is changed or the Cloud Proxy connection endpoint should be changed to a Network Proxy or a Load Balancer which is used for SSL certificate connection.
- From the vCenter Server Web interface, perform a guest shut down on the Cloud Proxy VM.
- From the vCenter Server Web interface, right-click the Cloud Proxy VM and click Configure.
- Navigate to vApp Options > Properties.
- Press Add, then set Key class ID to cprc_ca and set Category to Network Proxy Settings.
- Under the Type tab, Insert the CA content in the Default value field and click Save.
Notes:
- The lines below are mandatory and should not be cut from the CA:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
- To add multiple CAs, repeat steps 4-5 before proceeding to step 6.
- The imported CAs can be edited and deleted from the vApp Options > Properties screen.
- Certificates Group can be imported using this same method, however further management (add, edit or delete a certificate from the group) can be more difficult with only a single property entry.
- Power on the Cloud Proxy VM.
After the Cloud Proxy startup completes, the certificate(s) will be stored in the Cloud Proxy's certificate store.
For further certificate changes, the imported CAs can be edited and deleted from the
vApp Options >
Properties screen.
Example: