The Aria Suite Lifecycle Manager is the one-stop shop for managing, configuring, and lifecycling your Aria suite. You can read more on VMware’s site ‘What is VMware Aria Suite Lifecycle‘
In the homelab I deployed the Aria Suite LCM Easy Installer using the Windows Installer. Once the appliance is up, this is a website accessed using FQDN. I’m going to install a custom CA from an internal Active Directory Certificate Service.
Because Aria LCM helps manage all kinds of settings such as DNS, NTP, Product binaries, repositories, and even certificates. We will begin by accessing ‘Locker’ from the Services menu
You will find that Locker is used to maintain Certificates, Passwords, and Licenses. In our case, we will select Certificates >> ‘Generate CSR’ so that we can generate a certificate request.
Complete the request
Once the certificate request is generated a *.pem file that contains the certificate request along with the private key. I’m using Notepad++ to edit the file so I can have it ready.
The next step will be to access my method of obtaining a certificate from Active Directory Certificate Services
The Certificate Template used is a ‘Web Server’ template that I created. I did follow some VMware KBs to assist with creating templates and even using them for vCenter appliances. KB2112009 & KB2112014
Copy the first part in the *.pem file downloaded from the appliance, select the template, and click ‘Submit’
When you download the certificate from the top link it should download in a *p7b file.
The next step is you can open a new file in a text editor that will allow you to save in certificate format and you will want to copy that entire string first in the file.
The second part of the string will be the root certificate from your CA and finally the last one will be the Private Key which was generated from Aria Suite LCM earlier in the *.pem file.
The following is an example of how it would be laid out. Save the file and next step will be importing it into Aria LCM
Go back to Aria LCM >> Locker >> Certificates and click ‘Import.
Look for the new *.pem file containing all 3 digital signatures and add it, if successful it should populate the 2 fields and give the certificate a unique name as this will be the name it’s saved in the system.
Click Import.
Our Cert is in
Next step will be to update the certificate on the actual appliance, up until now this was all generating and adding the cert to a repository.
From Aria LCM ‘My Services’ select ‘Lifecycle Operations’
From the far-right click ‘Settings’ and then ‘Change Certificate’
Click ‘Replace Certificate’
The ‘Replace Certificate’ wizard will appear, click Next.
From the drop-down menu, you will have the certificate imported earlier. Select that and click ‘Next’
The final step will be a Precheck option, click that and give it a moment to run, once it’s Passed, click Next.
The final step I took, close out of all browsers and access the appliance web interface again and no more warning message, we now have a secure connection to the appliance validating via certificate to our internal AD CA.