Replace SSL certificates on VMware vRealize Log Insight (vRLI) and vRealize Operations (vROps)

This post was originally published on this site


After the initial install of a couple of the vRealize products, Log Insight, and Operations, I wanted to remove the annoying warning about the default self-signed certificates not being trusted. I am running a Windows PKI, so will use this to issue replacement certificates. Both Log Insight and Operations follow the same process for generating a certificate, just the applying the certificate is slightly different.

The Solution

I started working with this guide from VMware to replace the certificates on Log Insight, but it did not cover all aspects such as including the certificate chain which is partly why I am writing my own guide.

Step 1 – Create a config file to feed into OpenSSL for CSR creation

Create a new file with the name ConfigName.cfg with the following contents

[ req ] default_md = sha512 default_bits = 2048 default_keyfile = rui.key distinguished_name = req_distinguished_name encrypt_key = no prompt = no string_mask = nombstr req_extensions = v3_req [ v3_req ] basicConstraints = CA:FALSE keyUsage = digitalSignature, keyEncipherment, dataEncipherment extendedKeyUsage = serverAuth, clientAuth subjectAltName = DNS: ServerShortName, DNS: ServerIPAddress, DNS: [ req_distinguished_name ] countryName = Country stateOrProvinceName = State localityName = City 0.organizationName = Company Name organizationalUnitName = vRealize

Want to learn more? Read the source post!