When installing vCAC 6 with the standalone Identity appliance, you need to configure the SSL certificates in a specific way. Otherwise you will not be able to log in to your system with the identity store credentials. This is because the vCAC appliance contacts the Identity appliance for a SAML token. If the SSL communication is not right, you will not be presented with a token to log in to vCAC.

Note: vsphere.local will allow login and allow you to set up your tenant, but that's as far as you will get.

Note: If you have already done this incorrectly, you will need to start a fresh install and redeploy both the vCAC and ID appliances.

First off, when you deploy the Identity appliance, the OVF deployment scripts will generate a self-signed certificate. Please resist any temptation to regenerate this certificate. Leave it as is unless you plan to add a CA-signed certificate.

The vCAC appliance is a different story. You will need to generate a self-signed certificate, but be sure the common name is the fully qualified domain name of the vCAC appliance.
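One way to check the common name requirement above, as an added example that is not part of the original post: it reads a PEM certificate with openssl and compares the subject CN to the expected FQDN. The host name vcac01.example.local and the function names are constructed for illustration, and the sample certificates are generated on the spot.

```shell
#!/usr/bin/env bash
# Added example: verify that a certificate's subject CN is the appliance FQDN.
# vcac01.example.local is a constructed placeholder host name.

# Print the subject common name (CN) of a PEM certificate file.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Succeed only if the CN equals the expected FQDN (DNS names are case-insensitive).
cn_matches_fqdn() {
    local cn want
    cn=$(cert_cn "$1" | tr '[:upper:]' '[:lower:]')
    want=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$cn" ] && [ "$cn" = "$want" ]
}

# Build a throwaway self-signed certificate for the demo: $1=CN $2=cert $3=key.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$1" -keyout "$3" -out "$2" 2>/dev/null
}

demo() {
    local dir fqdn name
    fqdn="vcac01.example.local"
    dir=$(mktemp -d)
    make_sample_cert "$fqdn" "$dir/fqdn.pem" "$dir/fqdn.key"
    # Short host name instead of the FQDN: the mistake the check should catch.
    make_sample_cert "vcac01" "$dir/short.pem" "$dir/short.key"
    for name in fqdn short; do
        if cn_matches_fqdn "$dir/$name.pem" "$fqdn"; then
            echo "$name.pem: CN matches $fqdn"
        else
            echo "$name.pem: CN is '$(cert_cn "$dir/$name.pem")', expected $fqdn"
        fi
    done
    rm -rf "$dir"
}

demo
```

To check a deployed appliance, export its certificate to a PEM file first and pass that path to `cn_matches_fqdn` along with the appliance's FQDN.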