The Aria Suite Lifecycle Manager is the one-stop shop for managing, configuring, and lifecycling your Aria suite. You can read more on VMware’s site ‘What is VMware Aria Suite Lifecycle‘
In the homelab I deployed the Aria Suite LCM Easy Installer using the Windows Installer. Once the appliance is up, this is a website accessed using FQDN. I’m going to install a custom CA from an internal Active Directory Certificate Service.
Because Aria LCM helps manage all kinds of settings such as DNS, NTP, Product binaries, repositories, and even certificates. We will begin by accessing ‘Locker’ from the Services menu
You will find that Locker is used to maintain Certificates, Passwords, and Licenses. In our case, we will select Certificates >> ‘Generate CSR’ so that we can generate a certificate request.
In my lab, to make things easier, I include multiple products under a single certificate containing FQDNS and IP addresses.
Complete the request
Once ‘Generate’ is clicked, the *pem file should automatically download, from here use any text/code editor to open it.
Copy the full generated certificate from the “——BEGIN all the way to the last EST——-“
The Certificate Template used is a ‘Web Server’ template that I created. I did follow some VMware KBs to assist with creating templates and even using them for vCenter appliances. KB2112009 & KB2112014
Copy the first part in the *.pem file downloaded from the appliance, select the template, and click ‘Submit’
Clicking ‘Download certificate’ with ‘Base 64 encoded’
Once you download the newly minted cert, open it in an editor and below it copy the root cert of your AD domain and below that will be the private key of the Aria CSR we generated earlier.
The following is an example of how it would be laid out. Save the file and next step will be importing it into Aria LCM
Green = Newly minted cert from internal CA
Purple = AD root certificate
Yellow = Private key originated from CSR in the beginning.
Save the file as a *.pem file.
Go back to Aria LCM >> Locker >> Certificates and click ‘Import.
Browse and locate the newly created *.pem file and it should automatically populate the fields, I’m not using a Pass Phrase and will click ‘Import’
Click Import.
Our Cert is in
Next step will be to update the certificate on the actual appliance, up until now this was all generating and adding the cert to a repository.
From Aria LCM ‘My Services’ select ‘Lifecycle Operations’
From the far-right click ‘Settings’ and then ‘Change Certificate’
Click ‘Replace Certificate’
The ‘Replace Certificate’ wizard will appear, click Next.
From the drop-down menu, you will have the certificate imported earlier. Select that and click ‘Next’
The final step will be a Precheck option, click that and give it a moment to run, once it’s Passed, click Next.
The final step was to close out all browser sessions, relaunch a new session, and access the LCM appliance FQDN
