Custom Certificate Authorities

Page last updated:

This topic provides an overview of using custom certificate authorities (CAs) in a Ops Manager deployment.

Overview

To secure traffic in your Ops Manager deployment, you must provide a CA to issue digital certificates. This can be either a Ops Manager-generated or custom CA. When you add and activate a new CA, a digital certificate is issued to BOSH Director. BOSH Director then passes the certificate to other components in your Ops Manager deployment.

VMware recommends you supply a CA from a trusted provider when using a production environment. While you can create your own custom CAs if necessary, a trusted CA is more secure because it has been authenticated by the trusted entities permitted to issue them.

Note: Elliptic Curve Digital Signature Algorithm (ECDSA) certificates are not supported in Ops Manager.

Add a Custom CA

You can add a new custom CA as part of the procedure for rotating CAs and other certificate types in Ops Manager. To add and activate a new custom CA in Ops Manager, see Rotate Root and Leaf Certificates in Rotating Certificates.