Configuring VMware Identity Manager certificates when using a load balancer

1. Log in to your VMware Identity Manager appliance and change the Identity Manager FQDN to the load-balanced address.

2. Import the third-party certificate, e.g. portal.company.com, to the load balancer (including the chain)

3. Create a client SSL profile that contains the certificate

4. Assign SSL profile to the virtual server

(Refer to the load balancer documentation for steps 2, 3 and 4. The assumption is that you already have the virtual server set up with the correct configuration.)

5. On VMware Identity Manager appliance check the ‘terminate on load balancer’ option


6. Upload the third party certificate root cert (including chain)

i) Export .cer

ii) Convert to .base64

iii) Edit in notepad++

iv) Copy and paste into root CA certificate box

Make sure you have stripped any headers from the certificates, and preferably use Notepad++ to edit the certificate. It should be in this kind of format and include the intermediate certificate if applicable.

[Screenshot: example of the certificate format]
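An added example (not from the original post) of steps 6 i) to iv) done in Python instead of by hand in an editor: it takes .cer exports in binary or Base64 form and returns clean Base64 blocks ready to paste. It assumes "headers" covers both the BEGIN/END marker lines and any attribute text an export tool writes above them; the function names, the `keep_markers` switch and the sample bytes are hypothetical.

```python
import base64
import re
import textwrap

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"
PEM_BLOCK = re.compile(re.escape(BEGIN) + r"(.*?)" + re.escape(END), re.S)

# Constructed placeholder bytes shaped like DER (SEQUENCE tag + length); not real certificates.
SAMPLE_ROOT_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_INTERMEDIATE_DER = b"\x30\x81\x90" + b"\x01" * 144


def check_der(der: bytes) -> None:
    """Reject data that is not exactly one DER SEQUENCE (truncated or padded export)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not DER certificate data")
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long form: low 7 bits = number of length bytes
        n = der[1] & 0x7F
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("certificate data is truncated or has trailing bytes")


def cer_to_der_list(raw: bytes) -> list:
    """Accept a .cer export in binary (DER) or Base64 form; return its certificates as DER."""
    if BEGIN.encode() in raw:
        text = raw.decode("ascii", errors="replace")
        # validate=True makes a stray character from hand editing raise instead of being skipped
        ders = [base64.b64decode("".join(body.split()), validate=True)
                for body in PEM_BLOCK.findall(text)]
        if not ders:
            raise ValueError("BEGIN marker without a matching END marker")
    else:
        ders = [raw]
    for der in ders:
        check_der(der)
    return ders


def clean_blocks(cer_files, keep_markers=False) -> list:
    """Return one Base64 block per certificate, in the order given, 64 characters per line."""
    blocks = []
    for raw in cer_files:
        for der in cer_to_der_list(raw):
            body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
            blocks.append(f"{BEGIN}\n{body}\n{END}" if keep_markers else body)
    return blocks
```

Pass the file contents in the order you want them pasted, for example `clean_blocks([open("root.cer", "rb").read(), open("intermediate.cer", "rb").read()])`, where both file names are placeholders.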

7. SSH to the appliance, log in as root and use the curl command `curl -v -3 --ssl https://FQDN` to verify or troubleshoot the certificate

8. On the appliance click Dashboard and then Systems Diagnostics Dashboard and you should see the following if the process has been successful.

[Screenshot: diagnostics dashboard after a successful configuration]

(Step 6 might not be required if you are using a well-known certification authority and have internet access configured on the appliance. In my case I did not have the proxy configured. This can be done, but I haven't tested it.)
