Pivotal Knowledge Base


How to Replace Self-Signed Certificate in Ops Manager


Pivotal Cloud Foundry® (PCF) versions from 1.6.x to 1.7.x


Ops Manager uses self-signed certificate by default. This article discusses how to replace the default certificate with the certificate provided by the user.


This procedure discusses how to replace Ops Manager default certificate with a user-provided certificate: 

  1. ssh into Ops Manager
  2. Ops Managerusesnginx. You need to check /etc/nginx/nginx.conf to checkwheressl certificate & key are located. By default they are located under /var/tempest/cert
    $ cat /etc/nginx/nginx.conf | grep ssl_cert
    ssl_certificate "/var/tempest/cert/tempest.crt”
    ssl_certificate_key "/var/tempest/cert/tempest.key”;
  3. Replace the certificate under /var/tempest/cert
  4. Restart tempest-web and nginx services
    $ sudo service tempest-web stop
    $ sudo service nginx stop
    $ sudo service nginx start
    $ sudo service tempest-web start


Powered by Zendesk