Tag : Certificates

Written by Christopher Lewis on April 7, 2019 .

This is the sixth post in a series of posts covering the replacement of vRealize Automation SSL Certificates. In this post, we will tackle the replacement of the vRealize Automation Appliance VAMI Site Certificate.

This post is based on the VMware procedure and this is documented here .

Prerequisites

The following are expected prerequisites for this walkthrough:

  • A fully deployed and working vRealize Automation solution.
  • A set of certificate files:
  • The RSA Private Key used to encrypt the vRA Appliance certificate.
  • The Root CA Certificate file.
  • The vRA Appliance Certificate file.
  • The new Server.PEM file.
  • The Root CA Certificate and any Subordinate/Intermediate CA Certificates are installed within the appropriate Certificate store on the local machine (normally the Trusted Root Certification Authorities and the Intermediate Certification Authority respectively).

The Problem

The issue we see is that when you browse to https://vra.fqdn:5480, the site is untrusted.

Certificates

Written by Christopher Lewis on December 12, 2017 .

This is the fourth in a series of posts covering the replacement of vRealize Automation SSL Certificates. In this post, we will tackle steps required to update the embedded vRealize Orchestrator certificate following the replacement of the vRealize Automation Appliance certificate.

This post is based on the VMware procedure and this is documented within the VMware Documentation Site here .

According to the VMware, the reason for completing this additional step is that if you replace or update vRealize Automation certificates without completing this procedure, the vRealize Orchestrator Control Center may become inaccessible, and errors may appear in the vco-server and vco-configurator log files.

Certificates VMware vRealize Automation vRealize Orchestrator

Written by Christopher Lewis on December 11, 2017 .

This is the third in a series of posts covering the replacement of vRealize Automation SSL Certificates. In this post, we will tackle replacing the vRealize Automation IaaS Manager Service Certificate.

This post is based on the VMware procedure and this is documented here .

Prerequisites

The following are expected prerequisites for this walkthrough:

  • A fully deployed and working vRealize Automation solution.
  • A set of certificate files:
    • The RSA Private Key used to encrypt the vRA IaaS Manager certificate.
    • The Root CA Certificate file.
    • The vRA IaaS Manager Certificate file.
  • The Root CA Certificate and any Subordinate/Intermediate CA Certificates are installed within the appropriate Certificate store on the local machine (normally the Trusted Root Certification Authorities and the Intermediate Certification Authority respectively).

Identifying the “Issue”

If you log into any vRA IaaS DEM or Agent server and navigate to https://vra7-man.fqdn/VMPS you will see the screen below:

Certificates VMware vRealize Automation vRealize Orchestrator

Written by Christopher Lewis on December 11, 2017 .

This is the second post in a series of posts covering the replacement of vRealize Automation SSL Certificates. In this post, we will tackle replacing the vRealize Automation IaaS Web Server Certificate.

This post is based on the VMware procedure and this is documented here .

Prerequisites

The following are expected prerequisites for this walkthrough:

  • A fully deployed and working vRealize Automation solution.
  • A set of certificate files:
    • The RSA Private Key used to encrypt the vRA IaaS Web certificate.
    • The Root CA Certificate file.
    • The vRA IaaS Web Certificate file.
  • The Root CA Certificate and any Subordinate/Intermediate CA Certificates are installed within the appropriate Certificate store on the local machine (normally the Trusted Root Certification Authorities and the Intermediate Certification Authority respectively).

Replacing the Infrastructure as a Service Web Certificate

Navigate to the vRealize Automation Appliances Virtual Appliance Management Infrastructure (VAMI) interface, https://vra.fqdn:5480.

Certificates VMware vRealize Automation vRealize Orchestrator

Written by Christopher Lewis on December 11, 2017 .

In this series of posts we will walk through the process of upgrading all of the vRealize Automation Certificates. We’ll be moving from self-signed certificates that were deployed during the installation, to certificates that have been provided by an Enterprise Certificate Authority (CA). It is worth noting that the same process can be used to replace expiring SSL certificates as well.

Amongst other reasons, the purpose of doing this is to update the certificates so that communications between components is secured via a CA and for the following sites within the vRealize Automation deployment to be secured and trusted:

Certificates VMware vRealize Automation vRealize Orchestrator

Written by Christopher Lewis on December 11, 2017 .

This is the first in a series of posts covering the replacement of vRealize Automation SSL Certificates. For the purpose of these posts, I have deployed vRealize Automation 7.3 environment with self signed certificates. This means that when you navigate to https://vra7.fqdn/vcac , the site is not secure nor trusted. Therefore, you will be presented with something like the following in your browser (I mostly use Chrome):

We’re looking to achieve the following in the browser URL bar after the certificate has been replaced.

Certificates VMware vRealize Automation vRealize Orchestrator

Written by Christopher Lewis on November 5, 2016 .

The Series

  1. Configuring SSL certificates for vRA 7.x (inc vRO)
  2. Replacing the Appliance Management Site Certificate for vRealize Automation
  3. Replacing the Control Center Certificate on an embedded vRO instance
  4. Replacing the Package Signing Certificate in vRO 7

Replacing the Certificate

This is the final post in a series tackling the extra certificates you may want to replace once you have deployed vRealize Automation.

This is relatively straightforward to accomplish, but @SpasKaloferov covers this well in his article http://kaloferov.com/blog/how-to-change-the-ssl-certificate-of-a-vro-appliance-7-x/ so there is no point me re-inventing the wheel.

VMware vRealize Automation vRealize Orchestrator Certificates

Written by Christopher Lewis on November 5, 2016 .

The Series

  1. Configuring SSL certificates for vRA 7.x (inc vRO)
  2. Replacing the Appliance Management Site Certificate for vRealize Automation
  3. Replacing the Control Center Certificate on an embedded vRO instance
  4. Replacing the Package Signing Certificate in vRO 7

Replacing the Certificate

This is the third post in a series tackling the extra certificates you may want to replace once you have deployed vRealize Automation.

There are plenty of articles on changing the SSL certificate for this website https://vra-fqdn:8283/vco-vcoconfigurator on an External instance of vRealize Orchestrator, most notably is @SpasKaloferov ’s post http://kaloferov.com/blog/how-to-change-the-ssl-certificate-of-a-vro-appliance-7-x/

VMware vRealize Automation vRealize Orchestrator Certificates

Written by Christopher Lewis on November 5, 2016 .

The Series

  1. Configuring SSL certificates for vRA 7.x (inc vRO)
  2. Replacing the Appliance Management Site Certificate for vRealize Automation
  3. Replacing the Control Center Certificate on an embedded vRO instance
  4. Replacing the Package Signing Certificate in vRO 7

Replacing the Certificate

This is the second post in a series tackling the extra certificates you may want to replace once you have deployed vRealize Automation.

After a quick look around the VMware Documentation Center and I found the article for replacing the VAMI certificate ( https://vra.fqdn:5480 ). The VAMI certificate can be replaced using the same SAN certificate used for the vRA Virtual Appliance during the installation wizard, but it will need to be converted to Privacy Enhanced Mail (PEM) format to do so.

VMware vRealize vRealize Automation Certificates

Written by Christopher Lewis on November 5, 2016 .

So when deploying vRealize Automation, I can be bit OCD when it comes to certificates and websites. Where possible/plausible, I like to make sure all of the sites in the deployment have trusted certificates especially if there is a root CA in play (after all they’re free certificates right?).

After deploying the VMware vRealize Automation 7.x appliance from the OVA (that’s the easy bit) and successfully (normally on the second/third attempt) running through the deployment wizard to deploy a Medium distributed environment. We end up with certificates for the following components:

vRealize vRealize Automation vRealize Orchestrator Certificates