I have been working with several customers & after changing the certs for things like vRealize Auotmation using VAMI, they notice that when they access VAMI at port 5480 (ex: https://vra.vt.com:5480), they noticed they still get the self signed cert instead of the signed cert they have installed. The reason for that is the cert that you install through VAMI is not used for VAMI, but to secure connection to the application where in the vRA/vCAC example it’s used to secure connections to the vRA/vCAC portal that is being served at 443.
For those who want to have a secure signed certs for VAMI, you will have to do it through the command line for now. Below is the instructions provided to me by GSS on how to do so for both the vCAC/vRA identity appliance as well the vCAC/vRA appliance. Please note you can use very similar steps for most of the other VMware appliances that uses VAMI.
Logon to the appliance console (EXVMware Identity Appliance console and execute the following commands:
- Copy the rui.pem file (certificate pem file) to the /tmp folder
- ls -l /opt/vmware/etc/lighttpd/server.pem and make a note of the server.pem timestamp
- cp /opt/vmware/etc/lighttpd/server.pem /opt/vmware/etc/lighttpd/server.pem.bak
- cp /tmp/rui.pem /opt/vmware/etc/lighttpd/server.pem
- ls -l /opt/vmware/etc/lighttpd/server.pem and verify the server.pem has been updated
- service vami-lighttp restart
Logon to the vCAC Appliance console
- ls -l /opt/vmware/etc/lighttpd/server.pem and make a note of the server.pem timestamp
- cp /opt/vmware/etc/lighttpd/server.pem /opt/vmware/etc/lighttpd/server.pem.bck
- cp /etc/apache2/server.pem /opt/vmware/etc/lighttpd/server.pem
- ls -l /opt/vmware/etc/lighttpd/server.pem and verify the server.pem has been updated
- service vami-lighttp restart
Hope this help!
Thanks so much
You absolutely made my day. BTW in vRA 6.2.2 this is not optional but required for IaaS service to install and work as expected.
Thanks