The Identity Appliance uses lighttpd to run its own management site. You can change the SSL certificate of the management site service, for example, if your company security policy requires you to use its SSL certificates.

By default, the Identity Appliance SSL certificate and private key are stored in a PEM file located at /opt/vmware/etc/lighttpd/server.pem. To install a new certificate, export your new SSL certificate and private key from the Java keystore to a PEM file. The private key should not be encrypted. See Extracting Certificates and Private Keys.


Log in through the appliance console or through SSH.


Back up your current certificate file.

 cp /opt/vmware/etc/lighttpd/server.pem /opt/vmware/etc/lighttpd/server.pem-bck

Replace the content of the file /opt/vmware/etc/lighttpd/server.pem with the new certificate.


Run the following command to restart the lighttpd server.

service vami-lighttpd restart


Log in to the management console and validate that the certificate is replaced. You might need to restart your browser.

You have changed the certificate of the Identity Appliance management site.
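The following script is an added example, not part of the original procedure or of VMware's tooling. Before server.pem is replaced, it checks that the new PEM file holds a certificate and an unencrypted private key that belong together; after the restart, it prints the file's fingerprint next to the one the management site serves. The function names, the script name and the HOST:PORT argument are assumptions, and openssl must be installed.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not VMware tooling.
# Usage: sh check_pem.sh NEW.pem [HOST:PORT]   (HOST:PORT = management site)

# Succeeds if FILE has a certificate block and an unencrypted private key block.
pem_structure_ok() {
    f=$1
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "$f: no certificate block" >&2; return 1; }
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f" ||
        { echo "$f: no private key block" >&2; return 1; }
    # Markers of PKCS#8-encrypted and legacy passphrase-protected keys.
    if grep -Eq -e '-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$f"
    then
        echo "$f: private key is encrypted" >&2; return 1
    fi
}

# Succeeds if the private key in FILE matches the first certificate in FILE.
pem_key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# SHA-256 fingerprint of the first certificate in FILE.
file_cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# SHA-256 fingerprint of the certificate served at HOST:PORT (run after restart).
served_cert_fingerprint() {
    openssl s_client -connect "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

if [ "$#" -ge 1 ]; then
    if ! pem_structure_ok "$1" || ! pem_key_matches_cert "$1"; then
        echo "$1: do not install this file" >&2
        exit 1
    fi
    echo "file fingerprint:   $(file_cert_fingerprint "$1")"
    [ -z "${2:-}" ] || echo "served fingerprint: $(served_cert_fingerprint "$2")"
fi
```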