Set a custom TLS Certificate for your Automation Orchestrator Appliance.
The Automation Orchestrator Appliance includes a Trusted Layer Security (TLS) certificate that is generated automatically, based on the network settings of the appliance.
You can configure your Automation Orchestrator Appliance to use an existing custom TLS certificate. You can set the certificate by importing the relevant PEM file from your local machine into the Automation Orchestrator Appliance. You can also set your custom TLS certificate by copying the certificate chain directly into the Automation Orchestrator Appliance. Both procedures require you to run the ./deploy.sh script before the new TLS certificate can be used in your Automation Orchestrator deployment.
For information on generating a new custom TLS certificate, see Generate a custom TLS certificate for Automation Orchestrator.
Prerequisites
- Verify that SSH access for the Automation Orchestrator Appliance is enabled. See Activate or Deactivate SSH Access to the Automation Orchestrator Appliance.
- Verify that the PEM file containing the TLS certificate contains the following components in the set order:
- The private key for the certificate.
- The primary certificate.
- If applicable, the Certificate Authority (CA) intermediate certificate or certificates.
- The root CA certificate.
For example, the TLS certificate can have the following structure:-----BEGIN RSA PRIVATE KEY----- <Private Key> -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- <Primary TLS certificate> -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- <Intermediate certificate> -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- <Root CA certificate> -----END CERTIFICATE-----
Procedure
Results
You have set custom TLS certificate for your Automation Orchestrator Appliance.
What to do next
To confirm that the new certificate chain is applied, run the vracli certificate ingress --list command.