Configure a Certificate for use with vRealize Operations Tenant App
search cancel

Configure a Certificate for use with vRealize Operations Tenant App

book

Article ID: 337647

calendar_today

Updated On:

Products

VMware Aria Suite

Issue/Introduction

This article provides instructions for using OpenSSL to configure an authentication certificate for use with vRealize Operations Tenant App.

Resolution

First, generate a Certificate PEM for vRealize Operations Tenant App, then install the Certificate PEM in the vRealize Operations Tenant App UI.

Note: The certificates applied through the vRealize Operations Tenant App UI will be used only for securely connecting and serving the user interface to (external) clients.
We do not update the certificates for specific components of vRealize Operations Tenant App.

Generate a Certificate PEM file for use with vRealize Operations Tenant App

This example is from a Linux machine, but similar steps should work on Windows or Mac machines where OpenSSL is installed.
  1. Generate a key pair by running this command:

    openssl genrsa -out key_filename.key 2048
     
  2. Use the key to generate a certificate signing request by running this command:

    openssl req -new -key key_filename.key -out certificate_request.csr
     
  3. Submit the CSR file to your Certificate Authority (CA) to obtain a signed certificate.
  4. From your Certificate Authority, download the certificate and the complete issuing chain (one or more certificates). Download them in Base64 format.
  5. Enter the command to create a single PEM file containing all certificates and the private key. In this step, the example certificate is server_cert.cer and the issuing chain is cacerts.cer.

    Note: The order of CA's certs in the .PEM file: Cert, Private Key, Intermediate Cert and then Root Cert.

    cat server_cert.cer key_filename.key cacerts.cer > multi_part.pem

    Note: In Windows replace cat with type.
The finished PEM file should look similar to the following example, where the number of CERTIFICATE sections depends on the length of the issuing chain: 
-----BEGIN CERTIFICATE-----
(Your Primary SSL certificate: your_domain_name.crt)
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
(Your Private Key: your_domain_name.key)
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
(Your Intermediate certificate: DigiCertCA.crt)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Your Root certificate: TrustedRoot.crt)
-----END CERTIFICATE-----

Install a PEM in vRealize Operations Tenant App

Configure a certificate for use with vRealize Operations Tenant App.
  1. In a Web browser, navigate to the vRealize Operations Tenant App user interface.
https://tenant-app-node-FQDN-or-ip-address/
  1. Log in with the admin username and password.
  2. Navigate to Administration > SupportSSL Certificate.
  3. Click Browse and locate the certificate .pem file, and click Open to load the file in the Certificate Information text box.
Note: The certificate file must contain a valid private key and a valid certificate chain.
  1. Click Upload.


Powered by Wolken Software