Updating Certificates for vIDM services

Overview

The following is a general guide for renewing SSL certificates for vIDM services, which include VMware Identity Manager (vIDM) and the vIDM Connector. Information about updating certificates for Workspace ONE UEM services can be found here.
Note: If the public 443 SSL certificate resides on the load balancer, it will need to be updated there. The certificate needs to be updated for each data center.

Updating SSL certificates for vIDM

Prerequisites

To update the SSL certificate for vIDM, first generate a Certificate Signing Request (CSR) and obtain a valid, signed SSL certificate from a Certificate Authority (CA). The certificate must be in PEM format. For the Common Name part of the Subject Distinguished Name (DN), use the fully qualified domain name that is used to access the VMware Identity Manager service. If the VMware Identity Manager appliance is behind a load balancer, this is the load balancer server name. If SSL is not terminated on the load balancer, the SSL certificate used by the service must include Subject Alternative Names (SANs) for each of the fully qualified domain names (FQDNs) in the VMware Identity Manager cluster so that nodes within the cluster can make requests to each other. In addition to using it for the Common Name, be sure to include a SAN for the FQDN host name that users use to access the VMware Identity Manager service, as it is required by some browsers.
Note: This certificate may need to be renewed on the Load Balancer as well.

The procedure for updating the certificates requires restarting services, which will cause downtime.

Steps to Update Public SSL Certificate for vIDM and vIDM Connector (Inbound)

  1. In the administration console (https://vIDM.local:8443/cfg/), click Appliance Settings
  2. Click Manage Configuration and enter the administrative user password
  3. Select Install SSL Certificates > Server Certificate
  4. In the SSL Certificate field, select Custom Certificate
  5. In the SSL Certificate Chain text box, paste the server, intermediate, and root certificates
    Note: Certificates must include the entire certificate chain in the order described above.
  6. For each certificate, copy everything between and including the lines -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. An example of such a chain is provided below.
  7. In the Private Key text box, paste the private key. Copy everything between -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY-----. An example of a private key is provided below.
    Note: The private key needs to be in the PKCS #1 format.
  8. Click Add

Example 1

Certificate Chain Example

-----BEGIN CERTIFICATE-----
jlQvt9WdR9Vpg3WQT5+C3HU17bUOwvhp/r0+
...
W53+O05j5xsxzDJfWr1lqBlFF/OkIYCPcyK1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
WdR9Vpg3WQT5+C3HU17bUOwvhp/rjlQvt90+
...
O05j5xsxzDJfWr1lqBlFF/OkIYCPW53+cyK1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
dR9Vpg3WQTjlQvt9W5+C3HU17bUOwvhp/r0+
...
5j5xsxzDJfWr1lqW53+O0BlFF/OkIYCPcyK1
-----END CERTIFICATE-----

Example 2

Private Key Example

-----BEGIN RSA PRIVATE KEY-----
jlQvtg3WQT5+C3HU17bU9WdR9VpOwvhp/r0+
...
1lqBlFFW53+O05j5xsxzDJfWr/OkIYCPcyK1
-----END RSA PRIVATE KEY-----
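A pre-upload check for steps 5 to 7, as an added example that is not part of the original article or of VMware's tooling: it confirms that the pasted chain runs server, intermediate, root by matching each certificate's issuer name to the next certificate's subject name, that no BEGIN/END marker line is damaged, and that the key is a PKCS #1 block. The function names and the script name are assumptions, and the check covers name chaining only, not signatures, SANs or expiry.

```python
import base64, re, sys

# One PEM block: a label, then a base64 body that cannot contain '-'
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----([A-Za-z0-9+/=\s]+)-----END \1-----")

def _tlv(buf, pos):
    """Read one DER element header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    _, pos, _ = _tlv(der, 0)        # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)      # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    if tag == 0xA0:                 # optional explicit [0] version field
        pos = end
    fields = []
    for _i in range(5):             # serial, sigAlg, issuer, validity, subject
        end = _tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_upload(chain_pem, key_pem):
    """Return a list of problems with the pasted chain and key (empty = OK)."""
    problems = []
    certs = [base64.b64decode(body) for label, body in PEM_RE.findall(chain_pem)
             if label == "CERTIFICATE"]
    if len(certs) != chain_pem.count("BEGIN CERTIFICATE") or len(certs) < 2:
        problems.append("missing certificate or damaged BEGIN/END marker line")
    names = [issuer_subject(der) for der in certs]
    for i in range(len(names) - 1):
        if names[i][0] != names[i + 1][1]:   # issuer must equal the next subject
            problems.append(f"certificate {i + 1} is not issued by certificate {i + 2}: check the order")
    if names and names[-1][0] != names[-1][1]:
        problems.append("last certificate is not a self-issued root")
    if [label for label, _ in PEM_RE.findall(key_pem)] != ["RSA PRIVATE KEY"]:
        problems.append("private key is not a single PKCS #1 block (BEGIN RSA PRIVATE KEY)")
    return problems

if __name__ == "__main__":          # usage: check_upload.py chain.pem key.pem
    chain, key = (open(path).read() for path in sys.argv[1:3])
    for problem in check_upload(chain, key):
        print("PROBLEM:", problem)
```

An empty result means the paste is structurally sound; the key file never leaves the machine the script runs on.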

 

 

 
