1 person found this helpful
If you have a load balancer for UI access or go directly to the node for UI access then i would suggest you do. I have never tried to install a new data node with out having it in the certificate co i am not sure if it would fail
I will go through a LB for UI access and all the data nodes will be in the certificate SAN (tbh, I'm gonna add a couple of extra ones just to have room for growth), however my question was about remote collector nodes (apologies, I wrote data collector nodes in my OP), do you know if remote collector nodes are required to be in the certificate SAN as well?
Just found my answer on page 10 here https://docs.vmware.com/en/vRealize-Operations-Manager/6.6/vrealize-operations-manager-66-reference-architecture-guide.p…
Everything must be included in the certificate - "You must include all analytics, remote collectors, and load balancer DNS names in the Subject Alternative Names field of the certificate"
Do you use EpOps at all, if so make sure that they are running at 6.6 as well.
I replaced a certificate in vROps 6.6 and not all the EpOps agents are running 6.6 - some were 6.4 (fall out from a vROps upgrade). It turned out that the 6.4 agent doesn't support certificate changes in vROps without the agent setup being re-ran! 6.6 as it turns out does and those agents continued to work correctly.
Hey Ben, we're on 6.6 so we shouldn't have issues, thanks for the heads up!