By default VMware App Volumes uses its own self signed certificate. In this blog I’ll show you how to replace this certificate with a self signed certificate from your own Certificate Authority.
First of all, you need to have a (Enterprise) Certificate Authority in your environment. I’ve used this blog to set it up in my lab.
After you have set up the Certificate Authority request a SSL certificate for your App Volumes server, export the SSL certificate and make sure you select the option “Make private key exportable”.
Now it’s time to convert the .pfx file into a .crt and .key file, which you need to replace the VMware self signed certificate. I use OpenSSL for the conversion.
Open a CMD a enter the following command to convert the .pfx to a .crt file:
OpenSSL pkcs12 -in “location\name.pfx” -clcerts -nokeys -out “location\name.crt”
To create the .key file, use the command below:
OpenSSL pkcs12 -in “location\name.pfx” -clcerts -out “location\name.key”
Enter Password: …
Enter PEM pass phrase…
Enter PEM pass phrase again…
OpenSSL rsa -in “location\name.key” -outform PEM -out “location\name-pem.key”
If everything went well you now have generated the files needed to replace the VMware self signed certificate. Follow the steps below to configure App Volumes to use your self signed certificate.
- Stop de App Volumes Manager service.
- Copy the <filename.crt> and the <filename-pem.key> files to:
"C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf"
- Open the “nginx.conf” file located in “C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf”
- Search for ssl_certificate and replace the names appvol_self_vmware.com with the names of your own certificate.
- Save the “nginx.conf” file.
- Start the App Volumes Manager service.
You now successfully have replaced the VMware self signed certificate. Start a browser session to your App Volumes Manager and enjoy the green sign notifying you your connection is secure.