10.2 Encryption
SSL encryption is used to secure communication with the administrator and product user interfaces. By default, vRealize Operations Manager installs a self-signed certificate. A Certificate Authority (CA) signed certificate can also be installed. The signed certificate must satisfy the following requirements:
• The certificate files contain both a valid private key and a valid certificate chain.
• The private key is generated by the RSA or the DSA algorithm.
• The private key is not encrypted by a passphrase.
• If the certificate is signed by a chain of other certificates, all other certificates are included in the certificate file.
• All the certificates and the private key included in the certificate file are in PEM format.
Design Considerations
Consider using a CA signed certificate to further secure communications. SSL certificates are added to the first node, and copied to other nodes as they join the cluster. With this in mind, include the subject alternative names (SAN) for future nodes in a certificate request.