6.2
Table Of Contents
- System Administration
- Contents
- System Administration
- Updated Information
- Configuring vRealize Automation
- Configuring System Settings
- Configuring IaaS
- The Customer Experience Improvement Program
- Configure the vRealize Automation Appliance Database
- Perform an Appliance Database Failover
- Validate Appliance Database Replication
- Bulk Import, Update, or Migrate Virtual Machines
- Managing vRealize Automation
- Managing Tenants
- Brand Tenant Login Pages
- Install a Hotfix
- Updating vRealize Automation Certificates
- Extracting Certificates and Private Keys
- Update vRealize Automation Certificates when all are Expired
- Updating the Identity Appliance Certificate
- Updating the vRealize Appliance Certificate
- Updating the IaaS Certificate
- Replace the Identity Appliance Management Site Certificate
- Updating the vRealize Appliance Management Site Certificate
- Replace a Management Agent Certificate
- Resolve Certificate Revocation Errors
- View License Usage
- Monitoring Logs and Services
- Starting Up and Shutting Down vRealize Automation
- Customize Data Rollover Settings
- Remove an Identity Appliance from a Domain
- Backup and Recovery for vRealize Automation Installations
- Backing Up vRealize Automation
- Activate the Failover IaaS Server
- vRealize Automation System Recovery
Replace the vRealize Automation Appliance Management Site Certiļ¬cate
The vRealize Appliance uses lighttpd to run its own management site. You can replace the SSL certificate
of the management site service if your certificate expires or if you are using a self-signed certificate and
your company security policy requires you to use its SSL certificates. You secure the management site
service on port 5480.
You can choose to install a new certificate or reuse the certificate used byvCloud Automation Center
service on port 443.
When you request a new certificate to update another CA-issued certificate, it is a best practice to reuse
the Common Name from the existing certificate.
Prerequisites
n
New certificates must be in PEM format and the private key cannot be encrypted. By default, the
vRealize Appliance management site SSL certificate and private key are stored in a PEM file located
at /opt/vmware/etc/lighttpd/server.pem.
See Extracting Certificates and Private Keys if you require information about exporting a certificate
and private key from a Java keystore to a PEM file.
Procedure
1 Login through the appliance console or through SSH.
2 Back up your current certificate file.
cp /opt/vmware/etc/lighttpd/server.pem /opt/vmware/etc/lighttpd/server.pem-bak
3 Copy the new certificate to your appliance by replacing the content of the
file /opt/vmware/etc/lighttpd/server.pem with the new certificate information.
4 Run the following command to restart the lighttpd server.
service vami-lighttp restart
5 Login to the management console and validate that the certificate is replaced. You might need to
restart your browser.
The new vRealize Appliance management site certificate is installed.
What to do next
Update all Manangement Agents to recognize the new certificate.
For distributed deployments, you can update Management Agents manually or automatically. For minimal
installations, you must update agents manually.
System Administration
VMware, Inc. 63