6.2
Table Of Contents
- System Administration
- Contents
- System Administration
- Updated Information
- Configuring vRealize Automation
- Configuring System Settings
- Configuring IaaS
- The Customer Experience Improvement Program
- Configure the vRealize Automation Appliance Database
- Perform an Appliance Database Failover
- Validate Appliance Database Replication
- Bulk Import, Update, or Migrate Virtual Machines
- Managing vRealize Automation
- Managing Tenants
- Brand Tenant Login Pages
- Install a Hotfix
- Updating vRealize Automation Certificates
- Extracting Certificates and Private Keys
- Update vRealize Automation Certificates when all are Expired
- Updating the Identity Appliance Certificate
- Updating the vRealize Appliance Certificate
- Updating the IaaS Certificate
- Replace the Identity Appliance Management Site Certificate
- Updating the vRealize Appliance Management Site Certificate
- Replace a Management Agent Certificate
- Resolve Certificate Revocation Errors
- View License Usage
- Monitoring Logs and Services
- Starting Up and Shutting Down vRealize Automation
- Customize Data Rollover Settings
- Remove an Identity Appliance from a Domain
- Backup and Recovery for vRealize Automation Installations
- Backing Up vRealize Automation
- Activate the Failover IaaS Server
- vRealize Automation System Recovery
Updating vRealize Automation Certificates
A system administrator can replace certificates for vRealize Automation components. Typically, you
replace a certificate to switch from self-signed certificates to certificates provided by a certificate authority
or when a certificate expires.
When you replace a certificate for a vRealize Automation component, components that have a
dependency on this certificate are affected. You must register the new certificate with these components
to ensure certificate trust.
You must update all components of the same type in a distributed system. For example, if you update a
certificate for one vRealize Appliance in a distributed environment, you must update all instances of
vRealize Appliance for that installation.
Certificates for the Identity Appliance management site and vRealize Appliance management site do not
have registration requirements.
Note vRealize Automation supports both SHA1 and SHA2 certificates. The self-signed certificates
generated by the system use SHA-256 With RSA Encryption. You may need to update
vRealize Automation components to use SHA2 certificates due to browser requirements.
Update components in the following order:
1 Identity Appliance
2 vRealize Appliance
3 IaaS components
With one exception, changes to later components in this list do not affect earlier ones. For example, if you
import a new certificate to a vRealize Appliance, you must register this change with the IaaS server, but
not with the Identity Appliance. The exception is that an updated certificate for IaaS components must be
registered with vRealize Appliance.
The following table shows registration requirements when you update a certificate.
Table 6‑3. Registration Requirements
Updated Certificate
Register new certificate
with Identity Appliance
Register new certificate
with vRealize Appliance
Register new certificate with
IaaS
Identity Appliance Not applicable Done automatically when you
replace the vRealize
Appliance certificate
Done automatically when you
replace the vRealize Appliance
certificate
vRealize Appliance No Not applicable Yes
IaaS No Yes Not applicable
Note If your certificate uses a passphrase for encryption and you do not enter it when you replace your
certificate on the virtual appliance, the certificate replacement fails and the message Unable to load
private key appears.
System Administration
VMware, Inc. 49