Pivotal Knowledge Base


How to Replace Self-Signed Certificate in Operations Manager


Pivotal Cloud Foundry® (PCF) versions from 1.6.x to 1.12.x and PCF 2.0.x


Operations Manager uses self-signed certificate by default. This article discusses how to replace the default certificate with the certificate provided by the user.


This procedure discusses how to replace Operations Manager default certificate with a user-provided certificate: 

  1. SSH into Operations Manager
  2. Ops Managerusesnginx. You need to check /etc/nginx/nginx.conf to checkwheressl certificate & key are located. By default they are located under /var/tempest/cert
    $ cat /etc/nginx/nginx.conf | grep ssl_cert
    ssl_certificate "/var/tempest/cert/tempest.crt”
    ssl_certificate_key "/var/tempest/cert/tempest.key”;
  3. Replace the certificate under /var/tempest/cert
  4. Restart tempest-web and nginx services
    $ sudo service tempest-web stop
    $ sudo service nginx stop
    $ sudo service nginx start
    $ sudo service tempest-web start


Powered by Zendesk