vRealize Network Insight 3.5 – Installing a Custom Certificate, using CertGenVVD tool

Use Case

Building an SDDC following VMware’s Validated Designs, when adding vRealize Network Insight to the mix, it is possible to use the CertGenVVD tool to generate custom SSL certificates and install them to vRealize Network Insight.

Caveat – I assume you are familiar with the CertGenVVD tool and process!

Process to Generate Custom SSL Certificate and Install 

  1. Copy the existing vrops certificate template text file to vrni.txt
  2. Update vrni.txt CN to the vRNI platform VM FQDN
  3. Add the vRNI platform VM FQDN, short name, and IP to the SAN section
  4. Generate the certificate using the CertGenVVD PowerShell script
  5. Copy the public key full chain “vrni.crt” and place on a secure Linux system accessible to vRNI platform VM
    • When using 2-tier PKI, make sure to append the root CA public key to the end of the …chain.pem file generated by CertGenVVD
  6. Copy the private key to “vrni.key” on the same system (make sure to delete these files securely after completing all the steps here)
  7. Log in to vRNI platform using the CLI user (consoleuser, see default password)
  8. Follow the directions in this KB: https://kb.vmware.com/kb/2148128
    1. In the custom-cert command, the “host” is the Linux system where you copied the generated key files
  9. Verify by navigating to the platform VM URL

Note: Leaving out the fqdn in the SAN section caused Google Chrome to fail validation, although Internet Explorer 10 validated the cert with no issue.

Hope this helps.

Leave a Reply

Your email address will not be published. Required fields are marked *