These articles provide steps to sign certificates in a VMware vRealize Automation load balanced environment:
VMware vRealize Automation 6.2.x
VMware vRealize Automation 7.x
To sign the vRealize Automation certificates using the Microsoft CA:
vrasso.cfg :[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = DNS:vrasso, IP:10.xx.xx.xx, DNS:vrasso.domain.local
[ req_distinguished_name ]
countryName = YourCountry
stateOrProvinceName = YourState
localityName = YourLocal
0.organizationName = YourOrganization
organizationalUnitName = YourOU
commonName = vrasso.domain.local
vra01.cfg :[ req ]default_bits = 2048default_keyfile = rui.keydistinguished_name = req_distinguished_nameencrypt_key = noprompt = nostring_mask = nombstrreq_extensions = v3_req[ v3_req ]basicConstraints = CA:FALSEkeyUsage = digitalSignature, keyEncipherment, dataEnciphermentextendedKeyUsage = serverAuth, clientAuthsubjectAltName = DNS:vra01, IP:10.xx.xx.x, DNS:vra01.domain.local[ req_distinguished_name ]countryName = YourCountrystateOrProvinceName = YourStatelocalityName = YourLocal0.organizationName = YourOrganizationorganizationalUnitName = YourOUcommonName = vra01.domain.local
vra02.cfg :[ req ]default_bits = 2048default_keyfile = rui.keydistinguished_name = req_distinguished_nameencrypt_key = noprompt = nostring_mask = nombstrreq_extensions = v3_req[ v3_req ]basicConstraints = CA:FALSEkeyUsage = digitalSignature, keyEncipherment, dataEnciphermentextendedKeyUsage = serverAuth, clientAuthsubjectAltName = DNS:vra02, IP:10.xx.xx.x, DNS:vra02.domain.local[ req_distinguished_name ]countryName = YourCountrystateOrProvinceName = YourStatelocalityName = YourLocal0.organizationName = YourOrganizationorganizationalUnitName = YourOUcommonName = vra02.domain.local