Ok, so I’m just going to call it out straight away, when using wildcard SSL certificates with vRealize Automation 8.0, read the release notes.
I did not, and caused myself quite a few headaches with the deployment, which you can read about further in this post.
Cannot set wildcard certs for certain domain names, specifically those not using a Public Suffix.
vRealize Automation 8.0 supports setting a wildcard certificate only for DNS names that match the content of the Public Suffix List ([https://publicsuffix.org/])
For example, a valid wildcard certificate: you can use a wildcard certificate with DNS name like "*.myorg.com". This is supported because "com" is part of the Public Suffix List.
An invalid wildcard certificate example: you cannot use a wildcard certificate with DNS name like "*.myorg.local".This is not supported because "local" is not part of Public Suffix List.
Workaround: Only use domain names in the Public Suffix List.
The issues caused by using an unsupported wildcard SSL
When deploying vRA 8.0 via vRSLCM, either as part of the easy installer or as part of an existing vRSLCM setup, you will asked to provide an SSL certificate.
This does not validate your certificate is supported for use with the vRA 8.0 deployment. vRSLCM will do some checking on the SSL selected, but is only to ensure the SSL certificate is not about to expire, you will see a Green tick and “healthy” status as below.
Once you hit deploy, you will find your vRA appliance finally stood up, however the initialization tasks will stall.
Error Code: LCMVRAVACONFIG590003
Cluster Initialization failed on VRA.
vRA Initialize Cluster failed on vRA VA - ***Hostname***. Please login to the vRA and check /var/log/deploy.log file for more information on failure.