Replacing the vRealize Automation 7.3 IaaS Web Certificate

Share this on:

Certificates VMware vRealize Automation vRealize Orchestrator

Published on 11 December 2017 by Christopher Lewis. Words: 375. Reading Time: 2 mins.

This is the second post in a series of posts covering the replacement of vRealize Automation SSL Certificates. In this post, we will tackle replacing the vRealize Automation IaaS Web Server Certificate.

This post is based on the VMware procedure and this is documented here.


The following are expected prerequisites for this walkthrough:

  • A fully deployed and working vRealize Automation solution.
  • A set of certificate files:
    • The RSA Private Key used to encrypt the vRA IaaS Web certificate.
    • The Root CA Certificate file.
    • The vRA IaaS Web Certificate file.
  • The Root CA Certificate and any Subordinate/Intermediate CA Certificates are installed within the appropriate Certificate store on the local machine (normally the Trusted Root Certification Authorities and the Intermediate Certification Authority respectively).

Replacing the Infrastructure as a Service Web Certificate

Navigate to the vRealize Automation Appliances Virtual Appliance Management Infrastructure (VAMI) interface, https://vra.fqdn:5480.

Log into the VAMI by typing the User Name and Password configured during the install wizard and clicking Login.

Note: By default, the username is always root.

Under vRA Settings, click Certificates.

Under Component Type, select the IaaS Web option.

Under IaaS Web Certificate, select the Import Certificate option.

Open the RSA Private Key in a text editor and copy and paste the information into the RSA Private Key field.

Note: You should include the -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- text.

Open the Certificate and the Root Certificate file in a text editor and copy and paste the information into the Certificate Chain text field.

Note: You should include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- text for each certificate.

Note: The client SSL certificate should be first, then any intermediate CA certificates, followed by the Root CA certificate.

If required, enter the Passphrase into the text field.

Under Actions, click Save Settings.

Note: Don’t be alarmed if something doesn’t happen right away. Patience Padawan. it can take a few seconds to start the process. The process itself may take some time, so go grab a beverage!

(If required) Copy/Upload the vRealize Automation IaaS Web certificate to the Web Server load balancer configuration.

And there you have it!

Next Step(s)

In the next post, we’ll look at Replacing the vRealize Automation 7.3 Infrastructure as a Service Manager Service Certificate.