The system administrator can replace a self-signed certificate with one from a certificate authority to ensure security in a distributed deployment environment.

You can use a Subject Alternative Name (SAN) certificate on multiple machines. The certificate must be added to the trusted root certificate store on the IIS machine. The IIS machine is the machine on which the Component Website and Model Manager data are installed during the IaaS installation. This procedure adds the certificate to the trusted root in the certificate store.

1

Get a certificate from a trusted certificate authority.

2

Open the Internet Information Services (IIS) Manager.

3

Double-click Server Certificates from Features View.

4

Click Import in the Actions pane.

a

Type a file name in the Certificate file text box, or click the browse button (…), to navigate to the name of a file where the exported certificate is stored.

b

Type a password in the Password text box if the certificate was exported with a password.

5

Click OK.

6

Click on the imported certificate and select View.

7

Verify that the certificate is trusted.

If the certificate is untrusted, you see the message, This CA root certificate is not trusted.

8

Update IIS bindings.

a

Select the site that hosts the component Web site and model manager.

b

Click Bindings in the Action pane.

c

Click Edit on the https (443) in the Site Bindings dialog box.

d

Change the SSL certificate to the newly imported one.

9

Restart IIS or open a command prompt window and type iisreset.

10

Open the vCloud Automation Center site with a browser.

The server address is of the form https://<IaaS_server_address>/vcac/ and is case sensitive. When you open the site, you should see the message 401 Not authorized, which indicates that certificates are configured on the IaaS server.