Create vRealize Operations certificate for Load Balancing

For a project I’m currently working on, we are designing a large vRealize Operations (vROps) cluster with Load Balancing and High Availability requirements. Because I wanted to test all the vROps Load Balancing and HA features myself, I needed to create a proper certificate before putting the vROps appliances behind a Load Balancer. This article describes the steps you will have to take to create a proper certificate.

 

To create the Certificate Request, first download OpenSSL for Windows and install it in the default location: C:\OpenSSL-Win32

After OpenSSL is installed, we can create the configuration file C:\OpenSSL-Win32\Certs\vrops.cfg and add the following information. Change the marked values starting and ending with % to your own specification.

Then run the following commands:

Now we can submit the Certificate Request to our Certificate Authority (CA).

Save the generated certificate as a base64 file: C:\OpenSSL-Win32\Certs\vrops.cer

We must also not forget to download the CA certificate, including the Subordinate / Intermediate CA information, as a base64 file: C:\OpenSSL-Win32\Certs\ca.cer

After the download is complete, we can create the required pem file for vROps. The pem file needs to look like the following example:

-----BEGIN CERTIFICATE-----
[vrops.cer]
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
[vrops.key]
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
[optional intermediate.cer]
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
[ca.cer]
-----END CERTIFICATE-----
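
As an added example (not part of the original post), this Python script checks that a vrops.pem file follows the block order shown above, and flags typographic dashes or a pasted CSR, before the file is uploaded. The function names, messages and sample bundles are assumptions constructed for illustration; the payloads are dummy bytes, not real certificates or keys.

```python
import base64
import re

# One PEM block; the label is e.g. "CERTIFICATE" or "RSA PRIVATE KEY".
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)


def check_vrops_pem(text):
    """Return layout problems for a vrops.pem bundle; an empty list means OK."""
    problems = []
    # Markers copied from a web page often carry en/em dashes instead of '-'.
    if re.search(r"[\u2010-\u2015]", text):
        problems.append("typographic dash in file; markers need ASCII '-----'")
    blocks = PEM_BLOCK.findall(text)
    labels = [label for label, _ in blocks]
    for label, body in blocks:
        if label != "CERTIFICATE" and not label.endswith("PRIVATE KEY"):
            problems.append(f"unexpected block: {label}")
        try:
            base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"{label}: body is not valid base64")
    keys = [i for i, lab in enumerate(labels) if lab.endswith("PRIVATE KEY")]
    if not labels or labels[0] != "CERTIFICATE":
        problems.append("first block must be the server certificate")
    if keys != [1]:
        problems.append("exactly one private key expected, as the second block")
    if labels.count("CERTIFICATE") < 2 or (keys and keys[-1] == len(labels) - 1):
        problems.append("CA certificate missing after the private key")
    return problems


def pem(label, payload):
    """Build a constructed PEM block (payload is dummy bytes, not real DER)."""
    body = base64.b64encode(payload).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed sample bundles (dummy payloads, not real certificates or keys).
GOOD = (pem("CERTIFICATE", b"vrops leaf") + pem("RSA PRIVATE KEY", b"key")
        + pem("CERTIFICATE", b"intermediate") + pem("CERTIFICATE", b"root ca"))
KEY_FIRST = (pem("RSA PRIVATE KEY", b"key") + pem("CERTIFICATE", b"vrops leaf")
             + pem("CERTIFICATE", b"root ca"))
NO_CA = pem("CERTIFICATE", b"vrops leaf") + pem("RSA PRIVATE KEY", b"key")

if __name__ == "__main__":
    for name, bundle in [("good", GOOD), ("key first", KEY_FIRST), ("no CA", NO_CA)]:
        print(name, check_vrops_pem(bundle) or "OK")
```

The check only covers the structure of the file; it does not parse the certificates or confirm that the private key matches the server certificate.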

You can create the pem file by running the following commands:

Now it is time to upload the pem file to the vROps appliances. Go to the admin page of the vROps appliance at https://MASTERNODEFQDN/admin and log in. Click the Certificate icon in the top right corner, select “Install New Certificate” and browse to the vrops.pem file.


Wait a couple of minutes, refresh the page and bingo a nice secure page without annoying warnings!

And after configuring the Load Balancer, let's check if everything works as planned.

Load Balancer address: [screenshot: vROps-Certificate-vrops]

First Node: [screenshot: vROps-Certificate-dcvro02]

Second Node: [screenshot: vROps-Certificate-dcvro01]

So cool 🙂

 

OpenSSL “unable to write ‘random state'” error

 

While creating the key file, I repeatedly received the error “unable to write ‘random state'”.

This can easily be solved by setting the RANDFILE variable in the DOS prompt.

Marco van Baggum


Marco works as a Staff Consulting Architect at VMware.

4 thoughts on “Create vRealize Operations certificate for Load Balancing”

  1. Marco, thanks for the reply… I misread the post and thought you were applying the cert to the VIP name but now see you are using the master node's FQDN. So can you use the same cert on all the nodes (master, master-replica and data)? If not, why would you include them in the configuration file? Thanks again, thepusher
