7.3
Table Of Contents
- Managing vRealize Automation
- Contents
- Managing vRealize Automation
- Updated Information
- Maintaining and Customizing vRealize Automation Components and Options
- Broadcast a Message on the Message Board Portlet
- Starting Up and Shutting Down vRealize Automation
- Updating vRealize Automation Certificates
- Extracting Certificates and Private Keys
- Replace Certificates in the vRealize Automation Appliance
- Replace the Infrastructure as a Service Certificate
- Replace the IaaS Manager Service Certificate
- Update Embedded vRealize Orchestrator to Trust vRealize Automation Certificates
- Update External vRealize Orchestrator to Trust vRealize Automation Certificates
- Updating the vRealize Automation Appliance Management Site Certificate
- Replace a Management Agent Certificate
- Change the Polling Method for Certificates
- Managing the vRealize Automation Postgres Appliance Database
- Backup and Recovery for vRealize Automation Installations
- The Customer Experience Improvement Program
- Adjusting System Settings
- Monitoring vRealize Automation
- Monitoring vRealize Automation Health
- Monitoring and Managing Resources
- Monitoring Containers
- Bulk Import, Update, or Migrate Virtual Machines
n
Provide certificate thumbprint - Use this option if you want to provide a certificate thumb print to
use a certificate that is already deployed in the certificate store on the IaaS servers. Using this option
will not transmit the certificate from the virtual appliance to the IaaS servers. It enables users to
deploy existing certificates on IaaS servers without uploading them in the vRealize Automation
management console.
Also, you can select the Keep Existing option to keep your existing certificate.
Note In a clustered deployment, you must initiate certificate changes from the virtual appliance
management interface on the master node.
Certificates for the vRealize Automation appliance management site do not have registration
requirements.
Note If your certificate uses a passphrase for encryption and you fail to enter it when replacing your
certificate on the virtual appliance, the certificate replacement fails and the message Unable to load
private key appears.
The vRealize Orchestrator component that is associated with your vRealize Automation deployment has
its own certificates, and it must also trust the vRealize Automation certificates. By default, the
vRealize Orchestrator component is embedded in vRealize Automation, but you can elect to use an
external vRealize Orchestrator. In either case, see the vRealize Orchestrator documentation for
information about updating vRealize Orchestrator certificates. If you update or replace the
vRealize Automation certificates, you must update vRealize Orchestrator to trust the new certificates.
Note If you use a multi-node vRealize Orchestrator deployment that is behind a load balancer, all
vRealize Orchestrator nodes must use the same certificate.
For important information about troubleshooting, supportability, and trust requirements for certificates, see
the VMware knowledge base article at http://kb.vmware.com/kb/2106583.
Extracting Certificates and Private Keys
Certificates that you use with the virtual appliances must be in the PEM file format.
The examples in the following table use Gnu openssl commands to extract the certificate information you
need to configure the virtual appliances.
Table 3‑2. Sample Certificate Values and Commands (openssl)
Certificate Authority Provides Command Virtual Appliance Entries
RSA Private Key openssl pkcs12 -in path _to_.pfx
certificate_file -nocerts -out key.pem
RSA Private Key
PEM File openssl pkcs12 -in path _to_.pfx
certificate_file -clcerts -nokeys -out
cert.pem
Certificate Chain
(Optional) Pass Phrase n/a Pass Phrase
Managing vRealize Automation
VMware, Inc. 13