To authorize Operations Manager as an agent that can manage your Azure subscription, you must upload a Management Certificate to your subscription, and then copy that certificate to the Operations Manager server and register it with Tomcat.
When you configure an Azure target, you provide your subscription ID and certificate signature as login credentials. Operations Manager uses those credentials to access your subscription.
This article describes how to copy a Management Certificate to the Operations Manager server and register it with Tomcat.
NOTE: If you want to automatically configure the certificate, see the following document, which includes an automation script you can download: Use Automation to Configure a Management Certificate for an Azure Target
- Windows OS to generate the certificates
- Install Java SE Development Kit
- At the time of writing, this document the version available to download is 188.8.131.52. You can use a higher version if available.
- Step 1: Create a folder on your local machine
- Create the folder on the C:\ drive and name it Azure. You will store the certificate files in that folder.
- Step 2: Open a Command Prompt on your local machine, with Administrator privileges
- Step 3: Generating secure.jks file
- Execute the following command, where you provide your own values for the key alias and password.
- “C:\Program Files\Java\jre1.8.0_73\bin\keytool” -genkeypair -alias azure.vmturbo.com -keyalg RSA -keystore C:\Azure/secure.jks -keysize 2048 -storepass “vmturbo123!"
- Step 4: Generate the certificate from the secure.jks file
Execute the following command. Make sure the alias you provide matches the one you used to create the secure.jks file:
- “C:\Program Files\Java\jre1.8.0_73\bin\keytool” -v -export -file C:\Azure\Azure_Certificate.cer -keystore C:\Azure\secure.jks -alias “azure.vmturbo.com”
- Step 5: Upload the file secure.jks to your Operations Manager server.
- Upload the file secure.jks to /usr/share/ca-certificates/azure - If the folders are not already present, create the path and put the file there.
- Step 6: Edit the tomcat.conf file
- Open a SSH session to your Operations Manager server with root privileges.
- Open the file, /etc/tomcat/tomcat.conf.
- Add the following: CATALINA_OPTS=-Djavax.net.ssl.keyStore=/usr/share/ca-certificates/azure/secure.jks -Djavax.net.ssl.keyStorePassword=vmturbo123!
- Step 7: Now you need to restart Tomcat using the following command:
service tomcat restart
- Step 8: Upload the Azure_Certificate.cer to Azure Portal
- Step 9: Get the Certificate Thumbprint.
- Step 10: You can now add your Azure target to VMTurbo Operation Manager.
- In the Password field make sure to use the Thumbprint you obtained from Step 8