6.2
Table Of Contents
- System Administration
- Contents
- System Administration
- Updated Information
- Configuring vRealize Automation
- Configuring System Settings
- Configuring IaaS
- The Customer Experience Improvement Program
- Configure the vRealize Automation Appliance Database
- Perform an Appliance Database Failover
- Validate Appliance Database Replication
- Bulk Import, Update, or Migrate Virtual Machines
- Managing vRealize Automation
- Managing Tenants
- Brand Tenant Login Pages
- Install a Hotfix
- Updating vRealize Automation Certificates
- Extracting Certificates and Private Keys
- Update vRealize Automation Certificates when all are Expired
- Updating the Identity Appliance Certificate
- Updating the vRealize Appliance Certificate
- Updating the IaaS Certificate
- Replace the Identity Appliance Management Site Certificate
- Updating the vRealize Appliance Management Site Certificate
- Replace a Management Agent Certificate
- Resolve Certificate Revocation Errors
- View License Usage
- Monitoring Logs and Services
- Starting Up and Shutting Down vRealize Automation
- Customize Data Rollover Settings
- Remove an Identity Appliance from a Domain
- Backup and Recovery for vRealize Automation Installations
- Backing Up vRealize Automation
- Activate the Failover IaaS Server
- vRealize Automation System Recovery
Replace the Internet Information Services Certificate
The system administrator can replace an expired certificate or a self-signed certificate with one from a
certificate authority to ensure security in a distributed deployment environment.
You can use a Subject Alternative Name (SAN) certificate on multiple machines. Import the certificate to
the trusted root certificate store of all machines on which you installed the Website Component and
Manager Service (the IIS machines) during the IaaS installation.
Procedure
1 Obtain a certificate from a trusted certificate authority.
2 Open the Internet Information Services (IIS) Manager.
3 Double-click Server Certificates from Features View.
4 Click Import in the Actions pane.
a Enter a file name in the Certificate file text box, or click the browse button (…), to navigate to the
name of a file where the exported certificate is stored.
b Enter a password in the Password text box if the certificate was exported with a password.
c Select Mark this key as exportable.
5 Click OK.
6 Click on the imported certificate and select View.
7 Verify that the certificate and its chain is trusted.
If the certificate is untrusted, you see the message, This CA root certificate is not trusted.
Note You must resolve the trust issue before proceeding with the installation. If you continue, your
deployment fails.
8 Update IIS bindings.
a Select the site that hosts the component Web site and model manager.
b Click Bindings in the Action pane.
c Click Edit on the https (443) in the Site Bindings dialog box.
d Change the SSL certificate to the newly imported one.
9 Restart IIS or open an elevated command prompt window and type iisreset.
Update the vRealize Appliance with the IaaS Certificate
After certificates are updated on the IaaS servers, the system administrator updates the component
registry to reestablish trusted communications between the virtual appliances and IaaS components.
System Administration
VMware, Inc. 59