Disclaimer: These are my notes from studying for the 3V0-31.18 exam. If something doesn’t make sense, please feel free to reach out.
The main goal for this objective is the security of vRealize Automation.
Objective 8.1 – Renew, and/or replace security certificates on distributed vRealize Automation components
This is about replacing the certificates on these components:
- vRA appliance
- IaaS Manager Service Server
- Web Server
The other certificates in use manage themselves: those components communicate using self-signed certificates. The certificate on an external vRO must be replaced separately, but if you're using the embedded vRO it will update automatically.
All of these can be updated from the VAMI page of the vRA appliance. The different certificates can be managed from two pages:
- Host Settings page – vRealize Automation certificate
- Certificates page – IaaS certificates
Both of these pages provide the following options to complete the certificate replacement:
- Generate – generate a self-signed certificate to replace the existing certificate in situ
- Import – use an existing certificate
- Provide thumbprint – use a certificate that has already been imported into the IaaS server's certificate store. This just acts as a pointer; no certificate is physically transmitted
When you update a certificate, trust is re-initiated with other components.
Side note – If you use certificate chains, specify the certificates in the following order:
- Client/server certificate signed by the intermediate CA certificate
- One or more intermediate certificates
- A root CA certificate
If you offload SSL on your load balancer, you will need to SSH to the appliance and export the certificate so that you can upload it to your load balancer.
While updating the certificate, a list of recent actions and their success/failure is shown near the bottom of the page.
That’s all for this one, fairly straightforward. Although it’s always worth remembering that exam questions are going to be scenario-based, so you’ll be asked to achieve an objective that may well touch multiple parts of vRA.