VMware Cloud Community
beefy147
Enthusiast

Replace SSL certificate in VMware identity appliance

Hello

I have followed the steps to replace the Identity appliance with a CA signed certificate (latest version 2.2.1.0).

Everything went fine and I included the private key and full certificate chain which the Identity appliance expected.

However, when I close down all browsers and navigate to the Identity appliance, it's still showing the default signed certificate (despite the SSL tab showing otherwise!).

I have rebooted the appliance and replaced the certificate with a new one but this has made no difference. Am I missing something?


Accepted Solutions
willonit
Hot Shot

See GrantOrchardVMware's answer here: "vRA: Certificate doesn't seem to extend to port 5480".

Essentially 5480 runs using a different web server which the certificate is not installed to when you update it. There is a way to update the certificate for the 5480 site that can be found here: vCloud Automation Center Documentation Center.

sbeaver
Leadership

Are you getting the default certificate connecting to port 5480 or port 7444?

Steve Beaver
VMware Communities User Moderator
beefy147
Enthusiast

5480

Are you about to tell me this is by design?

beefy147
Enthusiast

I just connected to 7444 and feel a little stupid. Any idea why this is the behaviour?

beefy147
Enthusiast

Thanks both. I was pulling my hair out for about 90 minutes on this one!

mdittbrenner
Enthusiast

5480 runs on lighttpd.

You can change the certificate for this. It's called server.pem and runs at

/opt/vmware/etc/lighttpd

/opt/vmware/etc/lighttpd/server.pem

You need to rename this or delete it. Bring up your new cert, name it server.pem, and restart the vami-lighttp service.
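
The rename, replace and restart steps described in this thread, as an added shell example (not code posted by anyone in the thread and not VMware's own). It keeps the old `server.pem` as a backup, rolls back if the restart fails, and includes a helper to see which certificate a port really serves. Assumptions: `server.pem` is a combined PEM holding the private key and the certificate, `service vami-lighttp restart` is the restart command on your appliance, and `openssl` is available for the two fingerprint helpers.

```shell
#!/bin/sh
# Added example, not from the thread. Directory and file name are as posted;
# RESTART_CMD is an assumed spelling of "restart vami-lighttp service".
VAMI_DIR="${VAMI_DIR:-/opt/vmware/etc/lighttpd}"
RESTART_CMD="${RESTART_CMD:-service vami-lighttp restart}"

# True only if the file holds a private key and at least one certificate.
pem_has_key_and_cert() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" &&
        grep -q -e '-----BEGIN CERTIFICATE-----' "$1"
}

# SHA-256 fingerprint of the certificate a listener actually serves.
served_fingerprint() {   # usage: served_fingerprint HOST PORT
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256
}

# SHA-256 fingerprint of the first certificate in a PEM file.
file_fingerprint() {     # usage: file_fingerprint PEM_FILE
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Swap in a new server.pem, keeping the old one so a failed restart rolls back.
# Prints the backup path on success.
install_vami_cert() {    # usage: install_vami_cert NEW_PEM
    target="$VAMI_DIR/server.pem"
    backup="$target.bak.$(date +%Y%m%d%H%M%S)"
    pem_has_key_and_cert "$1" || { echo "no key+cert in $1" >&2; return 2; }
    # The file contains the private key: stage it readable by its owner only.
    ( umask 077 && cp "$1" "$target.new" && chmod 600 "$target.new" ) || return 1
    [ ! -f "$target" ] || mv "$target" "$backup" || return 1
    mv "$target.new" "$target" || return 1
    if ! $RESTART_CMD; then
        echo "restart failed, restoring previous certificate" >&2
        [ ! -f "$backup" ] || mv "$backup" "$target"
        $RESTART_CMD
        return 1
    fi
    echo "$backup"
}
```

Comparing `served_fingerprint HOST 5480` with `file_fingerprint` on the new PEM, before and after the swap, confirms whether the 5480 listener picked up the new certificate; `HOST` is a placeholder for your appliance.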