Replacing the vRealize Automation 7.3 IaaS Manager Service Certificate
Certificates VMware vRealize Automation vRealize Orchestrator
Published on 11 December 2017 by Christopher Lewis. Words: 470. Reading Time: 3 mins.
Introduction
This is the third in a series of posts covering the replacement of vRealize Automation SSL Certificates. In this post, we will tackle replacing the vRealize Automation IaaS Manager Service Certificate.
This post is based on the VMware procedure and this is documented here .
Step By Step Guide
Prerequisites
The following are expected prerequisites for this walkthrough:
- A fully deployed and working vRealize Automation solution.
- A set of certificate files:
- The RSA Private Key used to encrypt the vRA IaaS Manager certificate.
- The Root CA Certificate file.
- The vRA IaaS Manager Certificate file.
- The Root CA Certificate and any Subordinate/Intermediate CA Certificates are installed within the appropriate Certificate store on the local machine (normally the Trusted Root Certification Authorities and the Intermediate Certification Authority respectively).
Identifying the “Issue”
If you log into any vRA IaaS DEM or Agent server and navigate to https://vra7-man.fqdn/VMPS you will see the screen below:
As you will see, the certificate is the self-signed SSL certificate generated as part of the install that has no trusted Certification Path.
Let us go through the steps to fix that!
Replacing the Infrastructure as a Service Manager Certificate
- Navigate to the vRealize Automation Appliances Virtual Appliance Management Infrastructure (VAMI) interface,
https://vra.fqdn:5480.
- Log into the VAMI by typing the User Name and Password configured during the install wizard and clicking Login.
- Under vRA Settings, click Certificates.
- Under Component Type, select the Manager Service option.
- Under IaaS Web Certificate, select the Import Certificate option.
- Open the RSA Private Key in a text editor and copy and paste the information into the RSA Private Key field.
-----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- text.
- Open the Certificate and the Root Certificate file in a text editor and copy and paste the information into the Certificate Chain text field.
- You should include the
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----text for each certificate. - The client SSL certificate should be first, then any intermediate CA certificates, followed by the Root CA certificate.
-
If required, enter the Passphrase into the text field.
-
Under Actions, click Save Settings.
(If required) Copy/Upload the vRealize Automation IaaS Manager Service certificate to the Manager Service load balancer configuration.
Verify the new SSL Certificate
Now, if you log into any of the vRealize Automation IaaS DEM or Agent servers and navigate to https://vra7-man.fqdn/VMPS you will see the screen below:
If you view the SSL certificate, you can see that it as been replaced with the certificate that has a certification path back to the Trusted Enterprise CA certificate! #JobDone
Next Step(s)
In the next post, we’ll look at the process for refreshing the embedded vRealize Orchestrator certificate.
Published on 11 December 2017 by Christopher Lewis. Words: 470. Reading Time: 3 mins.
- Replacing the vRealize Automation 7.3 IaaS Web Certificate ()
- Replacing the vRealize Automation 7.3 Appliance Certificate ()
- Replacing SSL Certificates in vRealize Automation 7.3 ()
- vRealize Automation and Orchestrator 7.3 Released! ()
- HOWTO: Configure a vRealize Automation 6 Advanced Services Endpoint for vCenter Server ()