By default, vRealize Log Insight installs a self-signed SSL certificate on the virtual appliance.

The self-signed certificate generates security warnings when you connect to the vRealize Log Insight Web user interface. If you do not want to use a self-signed security certificate, you can install a custom SSL certificate. The only feature requiring a custom SSL certificate is Event Forwarding through SSL. If you have a cluster setup with ILB enabled, read Enable Integrated Load Balancer for the specific requirements for a custom SSL certificate.

Note: The vRealize Log Insight Web user interface and the Log Insight Ingestion protocol cfapi use the same certificate for authentication.

Verify that your custom SSL certificate meets the following requirements.

The certificate file contains both a valid private key and a valid certificate chain.

The private key is generated by the RSA or the DSA algorithm.

The private key is not encrypted by a pass phrase.

If the certificate is signed by a chain of other certificates, all other certificates are included in the certificate file that you plan to import.

The private key and all the certificates that are included in the certificate file are PEM-encoded. vRealize Log Insight does not support DER-encoded certificates and private keys.

The private key and all the certificates that are included in the certificate file are in the PEM format. vRealize Log Insight does not support certificates in the PFX, PKCS12, PKCS7, or other formats.

Verify that you concatenate the entire body of each certificate into a single text file in the following order.

a. The Private Key - your_domain_name.key

b. The Primary Certificate - your_domain_name.crt

c. The Intermediate Certificate - DigiCertCA.crt

d. The Root Certificate - TrustedRoot.crt

Verify that you include the beginning and ending tags of each certificate in the following format.

-----BEGIN RSA PRIVATE KEY----- 
(Your Private Key: your_domain_name.key) 
-----END RSA PRIVATE KEY----- 
-----BEGIN CERTIFICATE----- 
(Your Primary SSL certificate: your_domain_name.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Intermediate certificate: DigiCertCA.crt) 
-----END CERTIFICATE----- 
-----BEGIN CERTIFICATE----- 
(Your Root certificate: TrustedRoot.crt) 
-----END CERTIFICATE-----
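
The file-format requirements above can be checked before you upload the file. The following Python check is an added example, not VMware code; the function names and the sample bundles are constructed for illustration. It inspects structure only (block order, block types, pass-phrase markers, and the algorithm OID in a PKCS#8 key) and does not verify signatures in the chain.

```python
import base64
import re

# One PEM block: BEGIN line, optional headers, base64 body, matching END line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*\n(.*?)-----END \1-----", re.S)
# DER-encoded OIDs (rsaEncryption, id-dsa) that name the algorithm inside a PKCS#8 key.
KEY_OIDS = (bytes.fromhex("06092a864886f70d010101"), bytes.fromhex("06072a8648ce380401"))

def is_rsa_or_dsa_pkcs8(body):
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:  # not valid base64
        return False
    return any(oid in der for oid in KEY_OIDS)

def check_bundle(text):
    """Return the list of requirement violations in a key + chain file ([] if none)."""
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return ["no PEM blocks found (DER, PFX or PKCS12 input?)"]
    labels = [label for label, _ in blocks]
    problems = [f"unsupported block type: {l}" for l in labels
                if l != "CERTIFICATE" and not l.endswith("PRIVATE KEY")]
    label, body = blocks[0]
    if not label.endswith("PRIVATE KEY"):
        problems.append("first block must be the private key")
    elif label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
        problems.append("private key is encrypted with a pass phrase")
    elif label not in ("RSA PRIVATE KEY", "DSA PRIVATE KEY") and not (
            label == "PRIVATE KEY" and is_rsa_or_dsa_pkcs8(body)):
        problems.append("private key must be RSA or DSA")
    if sum(l.endswith("PRIVATE KEY") for l in labels) > 1:
        problems.append("more than one private key in the file")
    if "CERTIFICATE" not in labels[1:]:
        problems.append("no certificate follows the private key")
    return problems

def pem(label, payload=b"constructed placeholder bytes", header=""):
    # Helper that builds sample blocks for this example only.
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{header}{body}\n-----END {label}-----\n"

# Constructed samples: placeholder payloads, not real keys or certificates.
GOOD = pem("RSA PRIVATE KEY") + pem("CERTIFICATE") * 3
ENCRYPTED = pem("RSA PRIVATE KEY", header="Proc-Type: 4,ENCRYPTED\n\n") + pem("CERTIFICATE")

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("ENCRYPTED", ENCRYPTED)):
        print(name, check_bundle(sample))
```

To check a real file, pass its contents to check_bundle, for example check_bundle(open(path).read()) where path is the combined PEM file you plan to import.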

Verify that you are logged in to the vRealize Log Insight Web user interface as a user with the Edit Admin permission. The URL format is https://log-insight-host, where log-insight-host is the IP address or host name of the vRealize Log Insight virtual appliance.

1. Generate a certificate signing request by using the OpenSSL tool for Windows.

2. Send your certificate signing request to a Certificate Authority of your choice and request a signature.

3. Combine your key and certificate files into a PEM file.

4. Upload your signed certificate by using the vRealize Log Insight Web Interface.

5. The SSL function allows you to provide SSL-only connections between the Log Insight Agents and the vRealize Log Insight Server through the secure flow of the Ingestion API. You can also configure various SSL parameters of the Log Insight Agents.