vRealize Operations Manager - Install New Certificate

 in VMware / vRealize / vROPs by

Here’s how to install internally signed certificates for vRealize Operation Manager - vROps. First install and configure OpenSSL, I am using it on a Windows box. Open a command prompt and change directory to where OpenSSL is installed. You need to first generate a new key pair with a 2048 key length, this creates the file in the Bin folder of the OpenSSL directory. Leave this file here for later

>openssl genrsa -out new.key 2048

Generate a certificate signing request by using that key

>openssl req -new -key new.key -out vrealize.csr

Enter the details of the request as prompted. In this example the request will be called vrealize.csr and the common name will be vrealize.domain.local

Now browse to your CA - https://servername/certsrv - Request a certificate

Choose Advanced - “Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file….”

Open the request file in a notepad and copy the contents into the request box, this will be in the Bin directory of OpenSSL unless you have moved it. Select a certificate template that meets the requirements

Submit the request and download as Base 64 Encoded

Download certificate and save it locally to you machine as “certnew.cer”. Also download the root certificate and any intermediate certificates as Base 64 Encoded and save it locally as root.cer and intermediate.cer. Copy these files to where OpenSSL is installed and into the Bin directory. Open another command prompt and change directory to where OpenSSL is installed. Now you need to combine the server certificate, intermediate(s) and root certificate into a new .pem certificate file. In this example it will create a file called vrealize.pem.

Note - start the command with “type” on a Windows box otherwise use “cat”

>type certnew.cer new.key root.cer intermediate.cer > vrealize.pem

Now browse to the admin webpage of vROps and log in as an admin. On the right hand side of the page select the certificate icon

This will display the information of the default self generated VMware certificate

Select “Install New Certificate” and select the new vrealize.pem file

Check these details are correct and hit “Install”. Once installed you can now browse to the webpage with the correctly sign certificate

Leave a comment

Your email address will not be published. Required fields are marked *