Generate a self-signed certificate

1. Log into the LCM node as root via SSH.
   
   
2. Run the following command to generate a self-signed certificate:
   
   # openssl req -newkey rsa:2048 -keyout domain.key -x509 -days 3650 -out domain.crt -nodes
   
   Note: This command will generate a self-signed certificate that is valid for 3650 days (10 years). You may alter the days as needed per your organization's security requirements.
   
   Note: When prompted by openssl, provide the required values for your company.  If you want to use the default certificate options, enter the following values:
   
   

   Prompt	Value
   Country	US
   State Or Province	California
   Locality	Palo Alto
   Organization	VMware, Inc.
   Organization Unit	Aria Suite Lifecycle
   Common Name	VMware Aria Suite Lifecycle

   
   
   
3. Expected output > domain.key & domain.crt
   
   
4. Move this files to location /opt/vmware/vlcm/cert
   
   
5. Backup existing cert "server.crt and server.key"
   
   
6. Rename domain.key & domain.crt to match - server.crt and server.key
   
   
7. After copying the certificates, restart the VMware Aria Suite Lifecycle proxy services to update the appliance certificate's.
   
   

8. Restart the system services by executing the following command in the SSH session:
   # systemctl restart nginx

9. Check the status of the system services by executing the following command in the SSH session:
   # systemctl status nginx

10. After restarting the services, verify that the certificate is updated on the appliance, open a browser and go to <https://lcm-server-host>
    
    
11. Verify that you see the new certificate in the browser.