Manually Configure a Management Certificate for an Azure Target

Document created by fadi.josef Expert on Apr 29, 2016Last modified by fran.schwarzmann on Aug 15, 2016
Version 3Show Document
  • View in full screen mode

To authorize Operations Manager as an agent that can manage your Azure subscription, you must upload a Management Certificate to your subscription, and then copy that certificate to the Operations Manager server and register it with Tomcat.


When you configure an Azure target, you provide your subscription ID and certificate signature as login credentials. Operations Manager uses those credentials to access your subscription.


This article describes how to copy a Management Certificate to the Operations Manager server and register it with Tomcat.


NOTE: If you want to automatically configure the certificate, see the following document, which includes an automation script you can download:  Use Automation to Configure a Management Certificate for an Azure Target


Pre- Requisites:

  1. Windows OS to generate the certificates
  2. Install Java SE Development Kit
    • At the time of writing, this document the version available to download is You can use a higher version if available.
    • Step 1: Create a folder on your local machine
      • Create the folder on the C:\ drive and name it Azure. You will store the certificate files in that folder.
    • Step 2: Open a Command Prompt on your local machine, with Administrator privileges
    • Step 3: Generating secure.jks file
      • Execute the following command, where you provide your own values for the key alias and password.
      • “C:\Program Files\Java\jre1.8.0_73\bin\keytool” -genkeypair -alias -keyalg  RSA -keystore C:\Azure/secure.jks -keysize 2048 -storepass “vmturbo123!"

                         After you run this command and enter all the required information, you should see the generated secure.jks file in the Azure folder.   





    • Step 4: Generate the certificate from the secure.jks file

                Execute the following command. Make sure the alias you provide matches the one you used to create the secure.jks file:

      • “C:\Program Files\Java\jre1.8.0_73\bin\keytool” -v -export -file C:\Azure\Azure_Certificate.cer -keystore C:\Azure\secure.jks -alias “

                                              Now you should see both of the files you need.


    • Step 5:  Upload the file secure.jks to your Operations Manager server.
      • Upload the file secure.jks to /usr/share/ca-certificates/azure  - If the folders are not already present, create the path and put the file there.
    • Step 6: Edit the tomcat.conf file
      • Open a SSH session to your Operations Manager server with root privileges.
      • Open the file,  /etc/tomcat/tomcat.conf.
      • Add the following:!


    • Step 7: Now you need to restart Tomcat using the following command:
      • service tomcat restart

    • Step 8: Upload the Azure_Certificate.cer to Azure Portal


    • Step 9: Get the Certificate Thumbprint.


    • Step 10: You can now add your Azure target to VMTurbo Operation Manager.
    • In the Password field make sure to use the Thumbprint you obtained from Step 8
2 people found this helpful