VMware App Volumes – Replace the default App Volumes Manager SSL certificate

Welcome to my VMware App Volumes series. In this session I will describe how I replaced the default App Volumes Manager SSL certificate.

Replacing the App Volumes Manager SSL certificate was not as easy as I first thought. I found it to be a multi-step procedure with the following tasks:

Create an openssl.cfg file

As described in VMware’s KB mentioned above, I first create the openssl.cfg file and edit the line that starts with subjectAltName, entering my server’s hostname, IP address and FQDN. I also change the commonName at the bottom of the file.


Download and install OpenSSL for Windows

This is a fairly standard download followed by a next, next, next installation, so there are no screenshots of it. If you experience problems with DLLs while trying to run the command below, download and install the Visual C++ Redistributable Packages for Visual Studio 2013 from Microsoft.

Create a self-signed certificate using OpenSSL for Windows

First I copy my openssl.cfg to the “C:\Program Files\OpenSSL-Win64\bin” folder and create the self-signed certificate files, svserver.key and svserver.crt, by running this command:

openssl req -nodes -new -x509 -keyout svserver.key -sha256 -out svserver.crt -days 3650 -config openssl.cfg -extensions v3_req


Deploy the new certificate

Before I can copy the svserver.key and svserver.crt to “c:\Program Files (x86)\CloudVolumes\Manager\nginx\conf\”, I rename the existing files, just in case….


Backup and edit nginx.conf

First I stop the “App Volumes Manager” service and back up the nginx.conf file.


In order to edit the nginx.conf file, I start an administrative cmd prompt, launch Notepad from it and open the nginx.conf file manually.


I update the ssl_certificate and ssl_certificate_key values with my own crt and key filenames.


Reboot server and test ssl-certificate

Finally, I reboot the server and open VMware App Volumes Manager to verify the new certificate settings. Be aware that I use the host’s FQDN as the URL, as this is what I set up in my openssl.cfg file. If I had used localhost when testing the certificate, this would fail. I click the certificate padlock to view the details. PS: In some environments I have seen the need to manually import svserver.crt into the certificate store on the local server in order to finish this procedure successfully. This procedure must also be repeated on any additional App Volumes Manager servers you have.


PS: It is important to use the correct URL when testing the certificate, as it is configured to work with the FQDN in the openssl.cfg file I created to begin with. If I had used https://localhost/login, there would have been a certificate error on the login page.
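The openssl.cfg step, the req command and the FQDN-versus-localhost check can be reproduced offline; the following is an added example, not part of the original post or of VMware's KB, run here in a POSIX shell against a temporary directory (the file contents and openssl arguments are the same on Windows). The hostname, IP address, function names and the minimal config are constructed placeholders standing in for the KB's openssl.cfg.

```shell
#!/bin/sh
# Added example: constructed names and throwaway key material only.
# FQDN, SHORT and IP are placeholders, not values from the original post.
FQDN="appvol01.example.test"
SHORT="appvol01"
IP="192.0.2.10"

# Write a minimal openssl.cfg with a v3_req section, then self-sign with the
# same req arguments as the post. Prints the path of the new certificate.
make_cert() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/openssl.cfg" <<EOF
[ req ]
default_bits       = 2048
distinguished_name = req_distinguished_name
prompt             = no

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName   = DNS:$SHORT, IP:$IP, DNS:$FQDN

[ req_distinguished_name ]
commonName = $FQDN
EOF
    ( cd "$dir" && openssl req -nodes -new -x509 -keyout svserver.key \
        -sha256 -out svserver.crt -days 3650 -config openssl.cfg \
        -extensions v3_req ) >/dev/null 2>&1 || return 1
    echo "$dir/svserver.crt"
}

# Succeeds only if the certificate is valid for the given DNS name.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# Succeeds only if the certificate is valid for the given IP address.
cert_matches_ip() {
    openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match"
}

CRT=$(make_cert) || { echo "openssl req failed" >&2; exit 1; }
for name in "$FQDN" "$SHORT" localhost; do
    if cert_matches_host "$CRT" "$name"; then r="match"; else r="NO match"; fi
    echo "https://$name/login -> $r"
done
```

Because -nodes writes svserver.key without a passphrase, restrict who can read that file wherever it is stored, including the renamed backup copies.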

 

VMware App Volumes Product Page

VMware App Volumes planning, deployment etc.

Disclaimer: Every tip, trick and posting I have published here has been tried and tested in different IT solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.