You can use the Automation Orchestrator Appliance to generate a new TLS certificate for your environment or set an existing custom certificate.
The Automation Orchestrator Appliance includes a Transport Layer Security (TLS) certificate that is generated automatically, based on the network settings of the appliance. If the network settings of the appliance change, you must generate a new certificate manually. You can create a certificate chain to guarantee encrypted communication and provide a signature for your packages. However, the recipient cannot be sure that the self-signed package is in fact a package issued by your server and not a third party claiming to be you. To prove the identity of your server, use a certificate signed by a Certificate Authority (CA).
Automation Orchestrator generates a server certificate that is unique to your environment. The private key is stored in the vmo_keystore table of the Automation Orchestrator database.
Prerequisites
Verify that SSH access for the Automation Orchestrator Appliance is enabled. See Activate or Deactivate SSH Access to the Automation Orchestrator Appliance.
Procedure
- Log in to the Automation Orchestrator Appliance command line over SSH as root.
- Run the vracli certificate ingress --generate auto --set stdin command.
- To apply the custom certificate to your Automation Orchestrator Appliance, run the deployment script.
  - Navigate to the /opt/scripts/ directory.
    cd /opt/scripts/
  - Run the ./deploy.sh script.
    Important: Do not interrupt the deployment script. You receive the following message when the script finishes running:
    Prelude has been deployed successfully. To access, go to your_orchestrator_address
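
A check to run once the procedure finishes, as an added example that is not part of the original documentation or VMware's code: it tests whether a PEM certificate covers the FQDN clients use (the reason a network change forces regeneration), whether it is self-signed, and how close it is to expiry. It assumes OpenSSL 1.1.1 or later; the function names, file names and host names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not VMware code). Assumes OpenSSL 1.1.1 or later on the PATH.

# Succeeds if HOST is covered by the certificate's subjectAltName (or CN fallback).
cert_matches_host() {   # usage: cert_matches_host CERT.pem HOST
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Succeeds if subject and issuer are identical, i.e. no CA vouches for the cert.
cert_is_self_issued() { # usage: cert_is_self_issued CERT.pem
    local subject issuer
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    [ -n "$subject" ] && [ "$subject" = "$issuer" ]
}

# Succeeds if the certificate is still valid DAYS days from now.
cert_valid_for_days() { # usage: cert_valid_for_days CERT.pem DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Constructed sample: a throwaway self-signed cert standing in for the appliance's.
make_sample_cert() {    # usage: make_sample_cert OUT.pem FQDN DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$3" -subj "/CN=$2" -addext "subjectAltName=DNS:$2" >/dev/null 2>&1
}

# Print one verdict per check for CERT against the FQDN clients connect to.
report_cert() {         # usage: report_cert CERT.pem FQDN
    if cert_matches_host "$1" "$2"; then echo "host:   $2 matches"
    else echo "host:   $2 does NOT match (generate a new certificate)"; fi
    if cert_is_self_issued "$1"; then echo "issuer: self-signed (identity not proven by a CA)"
    else echo "issuer: signed by a separate issuer"; fi
    if cert_valid_for_days "$1" 30; then echo "expiry: more than 30 days left"
    else echo "expiry: expires within 30 days"; fi
}

# Demo with constructed names: a cert issued for the old FQDN, checked against the new one.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/old.pem" vro-old.example.test 365
report_cert "$demo_dir/old.pem" vro-new.example.test
rm -rf "$demo_dir"
```

To check a live appliance instead of the sample, save the certificate it serves with `openssl s_client -connect <fqdn>:443 -servername <fqdn> </dev/null | openssl x509 > served.pem` (port 443 is an assumption) and pass that file to `report_cert`.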