Certificate considerations for data collector node...

MeImNot76 · ‎04-12-2018

Hello,

I know that it's written somewhere in VMware documentation but I just cannot find it...do I need to add the data collector host names to the custom certificate that I'll be installing on the vROPS 6.6 cluster?

Thank you!

sxnxr · ‎04-13-2018

If you have a load balancer for UI access or go directly to the node for UI access then i would suggest you do. I have never tried to install a new data node with out having it in the certificate co i am not sure if it would fail

MeImNot76 · ‎04-15-2018

I will go through a LB for UI access and all the data nodes will be in the certificate SAN (tbh, I'm gonna add a couple of extra ones just to have room for growth), however my question was about remote collector nodes (apologies, I wrote data collector nodes in my OP), do you know if remote collector nodes are required to be in the certificate SAN as well?

MeImNot76 · ‎04-15-2018

Just found my answer on page 10 here https://docs.vmware.com/en/vRealize-Operations-Manager/6.6/vrealize-operations-manager-66-reference-...

Everything must be included in the certificate - "You must include all analytics, remote collectors, and load balancer DNS names in the Subject Alternative Names field of the certificate"

Thank you

ben_turner_ · ‎04-16-2018

Do you use EpOps at all, if so make sure that they are running at 6.6 as well.

I replaced a certificate in vROps 6.6 and not all the EpOps agents are running 6.6 - some were 6.4 (fall out from a vROps upgrade). It turned out that the 6.4 agent doesn't support certificate changes in vROps without the agent setup being re-ran! 6.6 as it turns out does and those agents continued to work correctly.

MeImNot76 · ‎04-17-2018

Hey Ben, we're on 6.6 so we shouldn't have issues, thanks for the heads up!

All

Certificate considerations for data collector nodes