Certificates on Ops Manager

Certificate Sources
- Enterprise Root CA
- CredHub

Page last updated:

This topic describes the sources and uses for certificates to secure both internal and external networking calls in Ops Manager.

Certificate Sources

Certificates in Ops Manager originate from these sources:

Enterprise Root Certificate Authority (CA)
CredHub

Enterprise Root CA

An enterprise root CA is able to grant itself a certificate and create subordinate CAs. Domains require an enterprise root CA to allow clients to request certificates.

Generating certificates against a root CA is a good implementation for systems that are static and do not need highly available certificate creation.

CredHub

You can use CredHub as a source for certificates in Ops Manager. These certificates can either be self-signed or signed by an imported trusted CA. Certificates are self-signed by default.

Use CredHub for:

High availability
Dynamic generation of certificates
More secure communication between platform components, apps, and services

VMware recommends using CredHub for high availability and good security posture in Ops Manager.

For more information, see CredHub.

Create a pull request or raise an issue on the source for this page in GitHub