6.2
Table Of Contents
- System Administration
- Contents
- System Administration
- Updated Information
- Configuring vRealize Automation
- Configuring System Settings
- Configuring IaaS
- The Customer Experience Improvement Program
- Configure the vRealize Automation Appliance Database
- Perform an Appliance Database Failover
- Validate Appliance Database Replication
- Bulk Import, Update, or Migrate Virtual Machines
- Managing vRealize Automation
- Managing Tenants
- Brand Tenant Login Pages
- Install a Hotfix
- Updating vRealize Automation Certificates
- Extracting Certificates and Private Keys
- Update vRealize Automation Certificates when all are Expired
- Updating the Identity Appliance Certificate
- Updating the vRealize Appliance Certificate
- Updating the IaaS Certificate
- Replace the Identity Appliance Management Site Certificate
- Updating the vRealize Appliance Management Site Certificate
- Replace a Management Agent Certificate
- Resolve Certificate Revocation Errors
- View License Usage
- Monitoring Logs and Services
- Starting Up and Shutting Down vRealize Automation
- Customize Data Rollover Settings
- Remove an Identity Appliance from a Domain
- Backup and Recovery for vRealize Automation Installations
- Backing Up vRealize Automation
- Activate the Failover IaaS Server
- vRealize Automation System Recovery
Prerequisites
n
Obtain the server name and IP address of the server that runs the IaaS Manager Service.
n
If necessary, convert the template on which the Guest Agent is installed to a virtual machine.
Procedure
1 Run the operating system appropriate commands in an elevated command prompt.
Option Description
Windows Run the following commands:
a
cd c:\vrmguestagent
b
echo | openssl s_client -connect
manager_service_load_balancer.mycompany.com:443 | sed -ne '/-
BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert.pem
Linux Run the following commands:
a
cd /usr/share/gugent
b
echo | openssl s_client -connect
manager_service_load_balancer.mycompany.com:443 | sed -ne '/-
BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cert.pem
2 If applicable, convert the Guest Agent virtual machine back to a template.
Replace the Identity Appliance Management Site Certiļ¬cate
The Identity Appliance uses lighttpd to run its own management site. You can replace the SSL certificate
of the management site service, for example, if your certificate expires or if you are using a self-signed
certificate and your company security policy requires you to use its SSL certificates. You secure the
management site service on port 5480.
Prerequisites
To install a new certificate, the certificate must be in PEM format and the private key cannot be encrypted.
By default the Identity Appliance management site SSL certificate and private key are stored in a PEM file
located at /opt/vmware/etc/lighttpd/server.pem.
See Extracting Certificates and Private Keys if you require information about exporting a certificate and
private key from a Java keystore to a PEM file.
Procedure
1 Login through the appliance console or through SSH.
2 Back up your current certificate file.
cp /opt/vmware/etc/lighttpd/server.pem /opt/vmware/etc/lighttpd/server.pem-bak
3 Copy the new certificate to your appliance by replacing the content of the
file /opt/vmware/etc/lighttpd/server.pem with the new certificate information.
System Administration
VMware, Inc. 61