Installing VMware App Volumes 4 Manager – Part 2

This is a prerequisite phase before configuring App Volumes Manager in the browser. In a production environment, most of this should already be in place, except for the settings specific to the newly installed App Volumes Manager. The material here is also useful beyond securing App Volumes Manager.

At this point, the App Volumes Manager software should be installed. Reference the following article to install the App Volumes Manager: Installing VMware App Volumes 4 Manager – Part 1.

Rather than reiterate what's already been written elsewhere, I am just going to drop the appropriate links below and make notes where appropriate for reference.

Using SSL Certificates with App Volumes Manager

ref: https://docs.vmware.com/en/VMware-App-Volumes/4/com.vmware.appvolumes.admin.doc/GUID-266871B4-ACEA-455C-8388-20BDD7B239D2.html


Connecting Securely to Active Directory

ref: https://docs.vmware.com/en/VMware-App-Volumes/4/com.vmware.appvolumes.admin.doc/GUID-FAEDA013-2768-4854-B813-B39BB3F7E598.html

I added the certificates in the following order: Root+Intermediate+Machine and named the file adCA.pem. This file gets added to the C:\Program Files (x86)\CloudVolumes\Manager\config directory and then the App Volumes Manager service gets restarted.


Replace the Self-Signed Certificate with CA-signed Certificate

ref: https://docs.vmware.com/en/VMware-App-Volumes/4/com.vmware.appvolumes.admin.doc/GUID-EFCC36A2-1609-4B47-969E-2A0CF9BC9B68.html

Add the CA signed certificate and key to the following directory: C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf

Directory containing the nginx.conf configuration file: C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf — Make a copy before editing!

Edit lines 57 and 58 to reflect the certificate and key added earlier.

Restart the App Volumes Manager service.


Add a Trusted Root Certificate to the Certificate Store

ref: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-B635BDD9-4F8A-4FD8-A4FE-7526272FC87D.html

Add Custom Certificates

ref: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.authentication.doc/GUID-15A4FD99-37E2-41E5-8A35-247B8FDB019D.html


Convert Certificate Files to One-Line PEM Format

ref: https://docs.vmware.com/en/Unified-Access-Gateway/2009/uag-deploy-config/GUID-870AF51F-AB37-4D6C-B9F5-4BFEB18F11E9.html

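Use the following commands to convert .p12 or .pfx files to PEM. The -nodes option writes the private key unencrypted, so restrict access to the resulting key files.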

openssl pkcs12 -in mycaservercert.pfx -nokeys -out mycaservercert.pem
openssl pkcs12 -in mycaservercert.pfx -nodes -nocerts -out mycaservercertkey.pem
openssl rsa -in mycaservercertkey.pem -check -out mycaservercertkeyrsa.pem

Create a Custom vCenter Server Role [for App Volumes Manager]

ref: https://docs.vmware.com/en/VMware-App-Volumes/4/com.vmware.appvolumes.admin.doc/GUID-8C79E140-A8DA-4A1F-B09D-DE9A332114E2.html?hWord=N4IghgNiBcIE4HsIFMQF8g

Create a Custom vCenter Server Role Using PowerCLI [for App Volumes Manager]

ref: https://docs.vmware.com/en/VMware-App-Volumes/4/com.vmware.appvolumes.admin.doc/GUID-505624F3-F3EB-428C-BEA0-5BD7F6095A1F.html#GUID-505624F3-F3EB-428C-BEA0-5BD7F6095A1F


App Volumes 2.12.1 – vCenter Certificate becomes unverified. (2150281)

ref: https://kb.vmware.com/s/article/2150281

Use this article to have App Volumes Manager trust the vCenter Server certificate. I could not find this information anywhere else besides this KB.

To resolve the issue, add the vCenter CA certificate to the cacert.pem file.

Make sure that the cacert.pem file has the complete chain including the vCenter server certificate.

  • Generated the cacert.pem and placed it under the directory “C:/Program Files (x86)/CloudVolumes/Manager/config/cacert.pem”
  • Imported the vCenter CA cert and vCenter server cert to trusted store of the App Volume Manager.
  • Restarted the App Volume Manager service.

Update: I added the certificates in the following order: Root+Intermediate+Machine to cacert.pem and copied the file into the C:/Program Files (x86)/CloudVolumes/Manager/config/ directory. I then restarted the App Volumes Manager service. When configuring the Machine Managers, the certificate error is not present.
