You can use the Automation Orchestrator Appliance to generate a new TLS certificate for your environment or set an existing custom certificate.

The Automation Orchestrator Appliance includes a Transport Layer Security (TLS) certificate that is generated automatically, based on the network settings of the appliance. If the network settings of the appliance change, you must generate a new certificate manually. You can create a certificate chain to guarantee encrypted communication and provide a signature for your packages. However, with a self-signed certificate the recipient cannot be sure that a package was in fact issued by your server and not by a third party claiming to be you. To prove the identity of your server, use a certificate signed by a Certificate Authority (CA).

Automation Orchestrator generates a server certificate that is unique to your environment. The private key is stored in the vmo_keystore table of the Automation Orchestrator database.

Note: To configure your Automation Orchestrator Appliance to use an existing custom TLS certificate, see Set a custom TLS certificate for Automation Orchestrator.

Prerequisites

Verify that SSH access for the Automation Orchestrator Appliance is enabled. See Activate or Deactivate SSH Access to the Automation Orchestrator Appliance.

Procedure

  1. Log in to the Automation Orchestrator Appliance command line over SSH as root.
  2. Run the vracli certificate ingress --generate auto --set stdin command.
  3. To apply the custom certificate to your Automation Orchestrator Appliance, run the deployment script.
    1. Navigate to the /opt/scripts/ directory.
      cd /opt/scripts/
    2. Run the ./deploy.sh script.
      Important: Do not interrupt the deployment script. You receive the following message when the script finishes running:
      Prelude has been deployed successfully. 
      To access, go to your_orchestrator_address

What to do next

To confirm that the new certificate chain is applied, run the vracli certificate ingress --list command.
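
To go one step further than listing the chain, the following added example (not part of the original documentation or the product) checks a certificate saved as a PEM file against the host name clients use, its expiry, and whether it is self-signed. It assumes the standard openssl command-line tool is available; the function names, host names and file paths are hypothetical, and the sample certificate is constructed on the spot.

```shell
#!/bin/sh
# Added example; host names and paths are constructed placeholders.
# For a live appliance, save the served certificate first (port 443 assumed):
#   openssl s_client -connect HOST:443 -servername HOST </dev/null | openssl x509 -out served.pem

# make_sample_cert DIR HOST: write a constructed self-signed DIR/cert.pem
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" 2>/dev/null
}

# cert_matches_host PEM HOST: succeed if the certificate covers HOST
cert_matches_host() {
    case "$(openssl x509 -in "$1" -noout -checkhost "$2")" in
        *"does match"*) return 0 ;;
        *) return 1 ;;
    esac
}

# cert_is_self_signed PEM: subject equals issuer (heuristic, signature not verified)
cert_is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subject" = "$issuer" ]
}

# cert_not_expired PEM: succeed if the certificate has not expired
cert_not_expired() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null; }

# review_cert PEM HOST: print findings, return the number of failures
review_cert() {
    problems=0
    cert_matches_host "$1" "$2" || { echo "FAIL: no SAN/CN entry covers $2"; problems=$((problems + 1)); }
    cert_not_expired "$1" || { echo "FAIL: certificate has expired"; problems=$((problems + 1)); }
    cert_is_self_signed "$1" && echo "NOTE: self-signed, clients cannot verify who issued it"
    return "$problems"
}

workdir=$(mktemp -d)
make_sample_cert "$workdir" vro-old.example.test
# First the name the certificate was generated for, then the name after a change.
review_cert "$workdir/cert.pem" vro-old.example.test || true
review_cert "$workdir/cert.pem" vro-new.example.test || echo "=> generate a new certificate"
rm -rf "$workdir"
```

A host-name failure here corresponds to the case described at the top of this page, where the network settings changed and the certificate has to be generated again.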