Additional SSL Certificates for vRA 7.x (inc vRO)

vRealize vRealize Automation vRealize Orchestrator Certificates

So when deploying vRealize Automation, I can be bit OCD when it comes to certificates and websites. Where possible/plausible, I like to make sure all of the sites in the deployment have trusted certificates especially if there is a root CA in play (after all they’re free certificates right?).

After deploying the VMware vRealize Automation 7.x appliance from the OVA (that’s the easy bit) and successfully (normally on the second/third attempt) running through the deployment wizard to deploy a Medium distributed environment. We end up with certificates for the following components:

• VMware vRealize Automation Virtual Appliance Website / VIP
• VMware vRealize Automation IaaS Web Server / VIP
• VMware vRealize Automation Manager Service Server /VIP

Assuming you supply CA Trusted Certificates during the deployment wizard, there is normally no need to make any changes to these certificates unless they age out.

(Note: in a Reference Architecture Medium Distributed environment, the IaaS Web Server and Manager Service is on a single Server (or load balanced pair) and uses a single Subject Alternative Name (SAN) certificate covering both VIPs and the 2 host FQDNs)

However, when carrying on the post deployment configuration I was left with that familiar OCD feeling because there were some certificates that were still self-signed. Namely, these were:

• VMware vRealize Appliance Virtual Appliance Management Infrastructure (VAMI)
• VMware vRealize Orchestrator Configurator
• VMware vRealize Orchestrator Package Signing Certificate

So, let’s scratch that OCD itch and tackle these one at a time in a series of posts to make it easier to read:

1. Configuring SSL certificates for vRA 7.x (inc vRO) (this post)
2. Replacing the Appliance Management Site Certificate for vRealize Automation
3. Replacing the Control Center Certificate on an embedded vRO instance
4. Replacing the Package Signing Certificate in vRO 7

• HOWTO: Access the vRealize Orchestrator Control Center when You're #Awesome (04/11/16)
• Running Platypus on Docker with Synology NAS (04/02/16)
• A Muggles Guide to creating a PEM encoded SSL Certificate using OpenSSL (05/11/16)
• VMware vRealize Automation 7.1 Released (23/08/16)
• HOWTO: Automate the installation of the External Platform Services Controller using PowerCLI & JSON - Part 3 (11/08/16)

• Using the vRSLCM API to Deploy vRealize Automation SaltStack Config (Single Node)
• Using the Aria Automation API to configure a Cloud Account for VMware Cloud Director
• Using the vRSLCM API to Deploy vRealize Operations (Single Node)
• Using the vRSLCM API to Deploy vRealize Automation (Cluster Deployment)
• Using the vRSLCM API to Deploy vRealize Automation (Standard Deployment)

active directory 6 aria automation 1 aws 2 blog 1 career 1 certificate authority 5 certificates 1 certification 92 cloud management 1 cloudnativecon 1 community 1 fun 1 general 9 home lab 2 kubecon 1 kubernetes 1 microsoft 7 nsx 45 nsx v 41 powercli 8 powershell 6 professional 1 reviews 1 vcap 48 vcap6 2 vcenter server 4 vcix 2 vexpert 9 vmug 5 vmware 99+ vmware cloud 3 vmware cloud director 1 vmware identity manager 2 vmworld 36 vrealize automation 78 vrealize automation saltstack config 1 vrealize business 2 vrealize log insight 1 vrealize operations 1 vrealize operations manager 5 vrealize orchestrator 11 vrealize suite 14 vrealize suite lifecycle manager 20 vsan 6 vsphere 9 windows 6

active directory 6 api 18 barcelona 24 certificates 15 certification 7 howto 42 microsoft 7 multi tenancy 9 nsx v 43 platform services controller 8 powercli 8 powershell 7 psc 6 vcap 8 vcap6 45 vcap6 cma 47 vcap6 nv 37 vcix6 nv 36 vexpert 19 vmug 8 vmware 99+ vmworld 35 vmworld 2016 13 vmworld 2017 9 vra 13 vrealize 7 vrealize automation 74 vrealize operations 8 vrealize orchestrator 20 vrealize suite lifecycle manager 11 vrslcm 20 vsan 7 vsphere 12