7.4
Table Of Contents
- Managing vRealize Automation
- Contents
- Managing vRealize Automation
- Maintaining and Customizing vRealize Automation Components and Options
- Broadcast a Message on the Message Board Portlet
- Starting Up and Shutting Down vRealize Automation
- Updating vRealize Automation Certificates
- Extracting Certificates and Private Keys
- Replace Certificates in the vRealize Automation Appliance
- Replace the Infrastructure as a Service Certificate
- Replace the IaaS Manager Service Certificate
- Update Embedded vRealize Orchestrator to Trust vRealize Automation Certificates
- Update External vRealize Orchestrator to Trust vRealize Automation Certificates
- Updating the vRealize Automation Appliance Management Site Certificate
- Replace a Management Agent Certificate
- Change the Polling Method for Certificates
- Managing the vRealize Automation Postgres Appliance Database
- Backup and Recovery for vRealize Automation Installations
- The Customer Experience Improvement Program
- Adjusting System Settings
- Monitoring vRealize Automation
- Monitoring vRealize Automation Health
- Monitoring and Managing Resources
- Monitoring Containers
- Bulk Import, Update, or Migrate Virtual Machines
Certificates for the vRealize Automation appliance management site do not have registration
requirements.
Note If your certificate uses a passphrase for encryption and you fail to enter it when replacing your
certificate on the virtual appliance, the certificate replacement fails and the message Unable to load
private key appears.
The vRealize Orchestrator component that is associated with your vRealize Automation deployment has
its own certificates, and it must also trust the vRealize Automation certificates. By default, the
vRealize Orchestrator component is embedded in vRealize Automation, but you can elect to use an
external vRealize Orchestrator. In either case, see the vRealize Orchestrator documentation for
information about updating vRealize Orchestrator certificates. If you update or replace the
vRealize Automation certificates, you must update vRealize Orchestrator to trust the new certificates.
Note If you use a multi-node vRealize Orchestrator deployment that is behind a load balancer, all
vRealize Orchestrator nodes must use the same certificate.
For important information about troubleshooting, supportability, and trust requirements for certificates, see
the VMware knowledge base article at http://kb.vmware.com/kb/2106583.
Extracting Certificates and Private Keys
Certificates that you use with the virtual appliances must be in the PEM file format.
The examples in the following table use Gnu openssl commands to extract the certificate information you
need to configure the virtual appliances.
Table 2‑2. Sample Certificate Values and Commands (openssl)
Certificate Authority Provides Command Virtual Appliance Entries
RSA Private Key openssl pkcs12 -in path _to_.pfx
certificate_file -nocerts -out key.pem
RSA Private Key
PEM File openssl pkcs12 -in path _to_.pfx
certificate_file -clcerts -nokeys -out
cert.pem
Certificate Chain
(Optional) Pass Phrase n/a Pass Phrase
Replace Certificates in the vRealize Automation Appliance
The system administrator can update or replace a self-signed certificate with a trusted one from a
certificate authority. You can use Subject Alternative Name (SAN) certificates, wildcard certificates, or any
other method of multi-use certification appropriate for your environment as long as you satisfy the trust
requirements.
When you update or replace the vRealize Automation appliance certificate, trust with other related
components is re-initiated automatically. See Updating vRealize Automation Certificates for more
information about updating certificates.
Managing vRealize Automation
VMware, Inc. 13