Replace vRO certificates in a vRA embedded installation

Some time ago I deployed vRealize Automation with vRealize Orchestrator embedded in the appliance in my home lab and I’m not very experienced yet with vRA and vRO. The reason that I deployed it is mainly that I want to get more hands-on experience with vRA and vRO and eventually use the gained knowledge for customers.

vRA was already running for a couple of months, and all the frontend self-signed certificates were already replaced by my Microsoft home lab CA issued certs. When I started using vRO, I noticed that the certificate was not replaced yet and that the appliance was still using the default self-signed one. I started googling how to replace the vRO certificate and found the following official VMware documentation. This article states that you can trust the already installed custom certificates in vRA. I executed every step from the official VMware guideline but was unable to replace the vRO certificates with that procedure. Fortunately, I was able to replace the certificates with another procedure.

OpenSSL: Create CSR for certificate with additional Subject Alternative Name(s) (Windows)

Procedure to create CSR with SAN (Windows)

  • Log in to the server where you have OpenSSL installed (or download it here)
  • Go to the directory where openssl is located (on Windows)
  • Create a file named sancert.cnf with the following information
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
[ req_distinguished_name ]
countryName                 = Country Name (NL)
stateOrProvinceName         = State or Province Name (ZH)
localityName               = Locality Name (AADR)
organizationName           = Organization Name (WGE)
commonName                 = Common Name (e.g. server FQDN)
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1   = sslcert.wesleygeelhoed.nl
DNS.2   = dns2.com
DNS.3   = dns3.com

* You can add even more subject alternative names if you want. Just add DNS.4 = etcetera…

  • Save the file and execute the following OpenSSL command, which will generate the CSR and key files
openssl req -out sslcert.csr -newkey rsa:2048 -nodes -keyout private.key -config sancert.cnf

This will create sslcert.csr and private.key in the present working directory. Request your certificate with the created CSR and you’re all set!
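
Before submitting the CSR to the CA, it is worth confirming that the SAN entries from sancert.cnf actually ended up in the request, since a missing [ alt_names ] section or a typo only shows up once the issued certificate is rejected. The script below is an added example, not part of the original procedure. It assumes a POSIX shell (for example Git Bash or WSL on Windows) with openssl on the PATH; the function names are hypothetical, and the sample CSR is constructed in a scratch directory using prompt = no so that it runs unattended.

```shell
#!/bin/sh
# Added example: confirm that a CSR carries the expected subjectAltName entries.

# Print one DNS subjectAltName per line from a PEM-encoded CSR.
csr_sans() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' |
        tail -n 1 | tr ',' '\n' |
        sed -n 's/^ *DNS://p'
}

# Return 0 only if every expected name is present in the CSR.
csr_has_sans() {
    csr=$1; shift
    found=$(csr_sans "$csr")
    for name in "$@"; do
        printf '%s\n' "$found" | grep -qxF -- "$name" || {
            echo "missing SAN: $name" >&2
            return 1
        }
    done
}

# Build a constructed sample CSR in directory $1 (same layout as sancert.cnf).
make_sample_csr() {
    dir=$1
    cat > "$dir/sancert.cnf" <<'EOF'
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
req_extensions     = req_ext
prompt             = no
[ req_distinguished_name ]
commonName = sslcert.wesleygeelhoed.nl
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = sslcert.wesleygeelhoed.nl
DNS.2 = dns2.com
DNS.3 = dns3.com
EOF
    ( umask 077   # -nodes writes the private key unencrypted; keep it owner-only
      openssl req -out "$dir/sslcert.csr" -newkey rsa:2048 -nodes \
          -keyout "$dir/private.key" -config "$dir/sancert.cnf" 2>/dev/null )
}
```

After sourcing the script, run csr_has_sans sslcert.csr followed by the names you expect; a non-zero exit status and a "missing SAN" message mean the config needs fixing before the request goes to the CA.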