Issued for a particular server and containing information about the server public key, the certificate allows you to sign all elements created in Automation Orchestrator and guarantee authenticity. When the client receives an element from your server, typically a package, the client verifies your identity and decides whether to trust your signature.
You can manage the Automation Orchestrator certificates from the Certificates page in the Automation Orchestrator Control Center or with the Automation Orchestrator Client, by using the ssl_trust_manager tagged workflows.
Import a certificate to the Automation Orchestrator trust store
Automation Orchestrator Control Center uses a secure connection to communicate with vCenter, relational database management system (RDBMS), LDAP, Single Sign-On, and other servers. You can import the required TLS certificate from a URL or a PEM-encoded file. Each time you want to use a TLS connection to a server instance, you must import the corresponding TLS certificate from the Trusted Certificates tab on the Certificates page.
Option | Description |
---|---|
Import from URL or proxy URL | The URL of the remote server: https://your_server_IP_address or your_server_IP_address:port |
Import from file | Path to the PEM-encoded certificate file. Note: You can also import a trusted certificate by running the Import a trusted certificate from a file workflow in the Automation Orchestrator Client. The file imported through this workflow must be DER-encoded. |
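
The two file-based import paths above expect different encodings: PEM in Control Center, DER in the workflow. The following Python is an added example, not VMware code: it detects a certificate file's encoding, converts it for the chosen path, and computes a SHA-256 fingerprint to compare with the value obtained from the server owner before trusting it. The function names, the `control_center`/`workflow` labels and `SAMPLE_DER` are assumptions made for illustration; the sample bytes are constructed placeholder data, not a real certificate, and a single-certificate file is assumed.

```python
import hashlib
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
# Constructed placeholder bytes shaped like a DER SEQUENCE; not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def detect_encoding(data: bytes) -> str:
    """Classify raw certificate file bytes as 'PEM' or 'DER'."""
    if data.lstrip().startswith(PEM_HEADER.encode("ascii")):
        return "PEM"
    if data[:1] == b"\x30":  # DER X.509 starts with an ASN.1 SEQUENCE tag
        return "DER"
    raise ValueError("neither PEM nor DER certificate data")


def to_der(data: bytes) -> bytes:
    """Return the DER form regardless of the input encoding."""
    if detect_encoding(data) == "PEM":
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return data


def to_pem(data: bytes) -> bytes:
    """Return the PEM form regardless of the input encoding."""
    return ssl.DER_cert_to_PEM_cert(to_der(data)).encode("ascii")


def sha256_fingerprint(data: bytes) -> str:
    """Fingerprint over the DER bytes, so PEM and DER inputs agree."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def prepare_for_import(data: bytes, path: str) -> bytes:
    """path (assumed labels): 'control_center' needs PEM, 'workflow' needs DER."""
    if path == "control_center":
        return to_pem(data)
    if path == "workflow":
        return to_der(data)
    raise ValueError(f"unknown import path: {path}")


if __name__ == "__main__":
    pem = to_pem(SAMPLE_DER)
    print(detect_encoding(pem), sha256_fingerprint(pem))
    print(detect_encoding(prepare_for_import(pem, "workflow")))
```

Because the fingerprint is always taken over the DER bytes, it stays the same whichever encoding the file arrives in, so one published value can be checked against either import path.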
Package signing certificate
Packages exported from an Automation Orchestrator server are digitally signed. Import, export, or generate a new certificate to be used for signing packages. Package signing certificates are a form of digital identification that is used to guarantee encrypted communication and a signature for your Automation Orchestrator packages.
The Automation Orchestrator Appliance includes a package signing certificate that is generated automatically, based on the network settings of the appliance. If the network settings of the appliance change, you must generate a new package signing certificate manually. After generating a new package signing certificate, all future exported packages are signed with the new certificate.