6.2
Table Of Contents
- System Administration
- Contents
- System Administration
- Updated Information
- Configuring vRealize Automation
- Configuring System Settings
- Configuring IaaS
- The Customer Experience Improvement Program
- Configure the vRealize Automation Appliance Database
- Perform an Appliance Database Failover
- Validate Appliance Database Replication
- Bulk Import, Update, or Migrate Virtual Machines
- Managing vRealize Automation
- Managing Tenants
- Brand Tenant Login Pages
- Install a Hotfix
- Updating vRealize Automation Certificates
- Extracting Certificates and Private Keys
- Update vRealize Automation Certificates when all are Expired
- Updating the Identity Appliance Certificate
- Updating the vRealize Appliance Certificate
- Updating the IaaS Certificate
- Replace the Identity Appliance Management Site Certificate
- Updating the vRealize Appliance Management Site Certificate
- Replace a Management Agent Certificate
- Resolve Certificate Revocation Errors
- View License Usage
- Monitoring Logs and Services
- Starting Up and Shutting Down vRealize Automation
- Customize Data Rollover Settings
- Remove an Identity Appliance from a Domain
- Backup and Recovery for vRealize Automation Installations
- Backing Up vRealize Automation
- Activate the Failover IaaS Server
- vRealize Automation System Recovery
In addition to certificates for the Identity Appliance, the vRealize Appliance, IaaS Website components,
and Manager Service components, your deployment can have certificates for the Identity Appliance
management site and the vRealize Appliance management site. Management Agents also have
certificates. Each IaaS machine runs a Management Agent.
For important information about troubleshooting, supportability, and trust requirements for certificates, see
the VMware knowledge base article at http://kb.vmware.com/kb/2106583.
Extracting Certificates and Private Keys
Certificates that you use with the virtual appliances must be in the PEM file format.
The examples in the following table use Gnu openssl commands to extract the certificate information you
need to configure the virtual appliances.
Table 6‑4. Sample Certificate Values and Commands (openssl)
Certificate Authority Provides Command Virtual Appliance Entries
RSA Private Key openssl pkcs12 -in path _to_.pfx
certificate_file -nocerts -out key.pem
RSA Private Key
PEM File openssl pkcs12 -in path _to_.pfx
certificate_file -clcerts -nokeys -out
cert.pem
Certificate Chain
(Optional) Pass Phrase n/a Pass Phrase
Update vRealize Automation Certificates when all are Expired
As a system administrator, you need to update all of your vRealize Automation certificates because they
have expired or are no longer appropriate for your deployment.
You must update certificates and appropriate trust relationships for all vRealize Automation system
components in the specified order.
After updating certificates, if you encounter problems with trust relationships between
vRealize Automation components, see the following Knowledge Base article:
https://kb.vmware.com/selfservice/microsites/search.do?
language=en_US&cmd=displayKC&externalId=2110207
Prerequisites
n
Obtain the appropriate valid, fresh certificates for your vRealize Automation deployment, if applicable.
n
If you are using signed certificates, the certificate root CA, Intermediate CA, and CRL servers are all
reachable by all vRealize Automation components.
Procedure
1 Back up all vRealize Automation appliances and related databases.
See Replace a Certificate in the vRealize Appliance.
System Administration
VMware, Inc. 50