Additional SSL Certificates for vRA 7.x (inc vRO)
vRealize vRealize Automation vRealize Orchestrator Certificates
Published on 5 November 2016 by Christopher Lewis. Words: 288. Reading Time: 2 mins.
So when deploying vRealize Automation, I can be bit OCD when it comes to certificates and websites. Where possible/plausible, I like to make sure all of the sites in the deployment have trusted certificates especially if there is a root CA in play (after all they’re free certificates right?).
After deploying the VMware vRealize Automation 7.x appliance from the OVA (that’s the easy bit) and successfully (normally on the second/third attempt) running through the deployment wizard to deploy a Medium distributed environment. We end up with certificates for the following components:
- VMware vRealize Automation Virtual Appliance Website / VIP
- VMware vRealize Automation IaaS Web Server / VIP
- VMware vRealize Automation Manager Service Server /VIP
Assuming you supply CA Trusted Certificates during the deployment wizard, there is normally no need to make any changes to these certificates unless they age out.
(Note: in a Reference Architecture Medium Distributed environment, the IaaS Web Server and Manager Service is on a single Server (or load balanced pair) and uses a single Subject Alternative Name (SAN) certificate covering both VIPs and the 2 host FQDNs)
However, when carrying on the post deployment configuration I was left with that familiar OCD feeling because there were some certificates that were still self-signed. Namely, these were:
- VMware vRealize Appliance Virtual Appliance Management Infrastructure (VAMI)
- VMware vRealize Orchestrator Configurator
- VMware vRealize Orchestrator Package Signing Certificate
So, let’s scratch that OCD itch and tackle these one at a time in a series of posts to make it easier to read:
- Configuring SSL certificates for vRA 7.x (inc vRO) (this post)
- Replacing the Appliance Management Site Certificate for vRealize Automation
- Replacing the Control Center Certificate on an embedded vRO instance
- Replacing the Package Signing Certificate in vRO 7
Published on 5 November 2016 by Christopher Lewis. Words: 288. Reading Time: 2 mins.
- HOWTO: Access the vRealize Orchestrator Control Center when You're #Awesome ()
- Running Platypus on Docker with Synology NAS ()
- A Muggles Guide to creating a PEM encoded SSL Certificate using OpenSSL ()
- VMware vRealize Automation 7.1 Released ()
- HOWTO: Automate the installation of the External Platform Services Controller using PowerCLI & JSON - Part 3 ()
- Using the vRSLCM API to Deploy vRealize Automation SaltStack Config (Single Node)
- Using the Aria Automation API to configure a Cloud Account for VMware Cloud Director
- Using the vRSLCM API to Deploy vRealize Operations (Single Node)
- Using the vRSLCM API to Deploy vRealize Automation (Cluster Deployment)
- Using the vRSLCM API to Deploy vRealize Automation (Standard Deployment)