Some time ago I deployed vRealize Automation with vRealize Orchestrator embedded in the appliance in my home lab and I’m not very experienced yet with vRA and vRO. The reason that I deployed it is mainly that I want to get more hands-on experience with vRA and vRO and eventually use the gained knowledge for customers.
vRA was already running for a couple of months, and all the frontend self-signed certificates were already replaced by my Microsoft home lab CA issued certs. When I started using vRO, I noticed that the certificate was not replaced yet and that the appliance was still using the default self-signed one. I started googling how to replace the vRO certificate and found the following official VMware documentation. This article states that you can trust the already installed custom certificates in vRA. I executed every step from the official VMware guideline but was unsuccessful to replace the vRO certificates with the procedure. Fortunately, I was able to replace the certificates with another procedure. (more…)
Today I had an unfortunate power outage at my home, therefore my lab was shutdown inadvertently. After powering up my systems again some Ubiquiti devices which were registered with my Unifi Controller had the disconnected status, even though I was able to ping them. After some reboots, and re-adoptions I didn’t get them online. (more…)
Currently i’m running my home lab environment on three physical Intel NUC devices. ESXi 6.5 is installed on each one of the NUCs and they are running a vSAN cluster (two M2 SSD inside each NUC, one for cache and the other for the capacity tier). Each NUC comes with 32 GB memory and a Intel(R) Core(TM) i5-6260U CPU @ 1.80GHz installed as well. Due to the fact that the Intel NUCs are just not flexible enough for me to test certain scenarios I decided to expand my existing lab environment.
How to replace the self-signed certificate from vRealize Network Insight by a custom-cert from your own internal CA.
Procedure to create CSR with SAN (Windows)
- Login into server where you have OpenSSL installed (or download it here)
- Go to the directory where openssl is located (on Windows)
- Create a file named sancert.cnf with the following information
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
countryName = Country Name (NL)
stateOrProvinceName = State or Province Name (ZH)
localityName = Locality Name (AADR)
organizationName = Organization Name (WGE)
commonName = Common Name (e.g. server FQDN)
[ req_ext ]
subjectAltName = @alt_names
DNS.1 = sslcert.wesleygeelhoed.nl
DNS.2 = dns2.com
DNS.3 = dns3.com
* You can add even more subject alternative names if you want. Just add DNS.4 = etcetera…
- Save the file and execute following OpenSSL command, which will generate CSR and KEY file
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config sancert.cnf
This will create sslcert.csr and private.key in the present working directory. Request your certificate with the created CSR and you’re all set!