Here I will quickly show how to replace the standard SSL certificate of the VAMI interface of vRealize Automation 7.
This is identical with pretty much all Appliances which use the management port 5480
But for the sake of the article – this is vRA7 specific 🙂
Just to explain what certificate I am exactly referring to.
When you configure the SSL certificate in vRA for example, and I am talking about the certificate during the initial configuration, you really only replace the certificate for the host itself, which is used for the communication (i.e. IaaS <> vRA <> SSO).
In the below example you can see that, when browsing to port :5480, the certificate itself is self-signed.
But when browsing to the actual vRA interface, you can see the certificate configured during the initial configuration
But what if you want to have SSL security all the way through?
Unfortunately there isn’t an interface for it. You will need to do this from the console.
SSH to your vRA appliance.
Now go into the folder /opt/vmware/etc/lighttpd/
Here you can see the actual certificate: server.pem
There are two ways to change the certificate. Either you upload your new certificate to the same location and change the name in the configuration file lighttpd.conf
Or rename the file and give your certificate the same name.
Next we need to restart the VAMI webinterface
When you then browse to the vRA appliance on port :5480 – you should be able to see the new certificate.
If you can still only see your old certificate, then you might need to clean the browser cache, do a hard refresh or simply open a private tab.
As mentioned before – the same procedure applies to other appliances, such as vRO, vCenter etc.