After you generate the PEM certificate chain file that contains the own certificate, the signer certificate and the private key file, upload the certificate chain to vRealize Log Insight.

1

Log in to the vRealize Log Insight user interface.

a

Open a Web browser and go to https://vrli-cluster-01.sfo01.rainpole.local.

b

Log in using the following credentials.

Setting

Value

User name

admin

Password

vrli_admin_password

2

In the vRealize Log Insight user interface, click the configuration drop-down menu icon  and select Administration.

3

Under Configuration, click SSL.

4

On the SSL Configuration page, next to New Certificate File (PEM format) click Choose File, browse to the location of the PEM file on your computer, and click Save.

Certificate Generation Option

Certificate File

Using the CertGenVVD tool

vrli.sfo01.2.chain.pem

The certificate is uploaded to vRealize Log Insight. 

5

Import the certificate into the Java Keystore on each vRealize Log Insight node.

a

Open an SSH session and go each of the vRealize Log Insight nodes.

Name

Role

vrli-mstr-01.sfo01.rainpole.local

Master node

vrli-wrkr-01.sfo01.rainpole.local

Worker node 1

vrli-wrkr-02.sfo01.rainpole.local

Worker node 2

b

Log in using the following credentials.

Setting0

Value

User name

root

Password

vrli_root_password

c

Convert the on-disk vrli.sfo01.2.chain.pem file into a vrli.sfo01.2.chain.crt file.

openssl x509 -in /root/vrli.sfo01.2.chain.pem -inform PEM -out /root/vrli.sfo01.2.chain.crt
d

Import the vrli.sfo01.2.chain.crt into the Java Keystore:

cd /usr/java/default/lib/security/

../../bin/keytool -import -alias loginsight -file /root/vrli.sfo01.2.chain.crt -keystore cacerts
e

When prompted for a keystore password, type changeit.

f

When prompted to accept the certificate, type yes.

g

Repeat this operation on all vRealize Log Insight nodes until complete.

6

Open a Web browser and go to https://vrli-cluster-01.sfo01.rainpole.local

A warning message that the connection is not trusted appears.

7

To review the certificate, click the padlock  in the address bar of the browser, and verify that Subject Alternative Name contains the names of the vRealize Log Insight cluster nodes.

8

Import the certificate in your Web browser.

For example, in Google Chrome under the HTTPS/TLS settings click Manage certificates, and in the Certificates dialog box import vrli-chain.pem.  

You can also use Certificate Manager on Windows or Keychain Access on MAC OS X.