Certificates on Ops Manager
Page last updated:
This topic describes the sources and uses for certificates to secure both internal and external networking calls in Ops Manager.
Certificates in Ops Manager originate from these sources:
An enterprise root CA is able to grant itself a certificate and create subordinate CAs. Domains require an enterprise root CA to allow clients to request certificates.
Generating certificates against a root CA is a good implementation for systems that are static and do not need highly available certificate creation.
You can use CredHub as a source for certificates in Ops Manager. These certificates can either be self-signed or signed by an imported trusted CA. Certificates are self-signed by default.
Use CredHub for:
- High availability
- Dynamic generation of certificates
- More secure communication between platform components, apps, and services
VMware recommends using CredHub for high availability and good security posture in Ops Manager.
For more information, see CredHub.