Additional SSL Certificates for vRA 7.x (inc vRO)
vRealize vRealize Automation vRealize Orchestrator Certificates
Published on 5 November 2016 by Christopher Lewis. Words: 288. Reading Time: 2 mins.
So when deploying vRealize Automation, I can be bit OCD when it comes to certificates and websites. Where possible/plausible, I like to make sure all of the sites in the deployment have trusted certificates especially if there is a root CA in play (after all they’re free certificates right?).
After deploying the VMware vRealize Automation 7.x appliance from the OVA (that’s the easy bit) and successfully (normally on the second/third attempt) running through the deployment wizard to deploy a Medium distributed environment. We end up with certificates for the following components:
- VMware vRealize Automation Virtual Appliance Website / VIP
- VMware vRealize Automation IaaS Web Server / VIP
- VMware vRealize Automation Manager Service Server /VIP
Assuming you supply CA Trusted Certificates during the deployment wizard, there is normally no need to make any changes to these certificates unless they age out.
(Note: in a Reference Architecture Medium Distributed environment, the IaaS Web Server and Manager Service is on a single Server (or load balanced pair) and uses a single Subject Alternative Name (SAN) certificate covering both VIPs and the 2 host FQDNs)
However, when carrying on the post deployment configuration I was left with that familiar OCD feeling because there were some certificates that were still self-signed. Namely, these were:
- VMware vRealize Appliance Virtual Appliance Management Infrastructure (VAMI)
- VMware vRealize Orchestrator Configurator
- VMware vRealize Orchestrator Package Signing Certificate
So, let’s scratch that OCD itch and tackle these one at a time in a series of posts to make it easier to read:
- HOWTO: Access the vRealize Orchestrator Control Center when You're #Awesome ()
- Running Platypus on Docker with Synology NAS ()
- A Muggles Guide to creating a PEM encoded SSL Certificate using OpenSSL ()
- VMware vRealize Automation 7.1 Released ()
- HOWTO: Automate the installation of the External Platform Services Controller using PowerCLI & JSON - Part 3 ()