After you update the vRealize Automation certificate, reconnect vRealize Orchestrator and vRealize Business to vRealize Automation to install the new certificate on each component.

Procedure

  1. Log in to the first vRealize Automation appliance by using a Secure Shell (SSH) client.
    1. Open an SSH connection to the primary vRealize Automation virtual appliance vra01svr01a.rainpole.local.
    2. Log in using the following credentials.

      Setting

      Value

      User Name

      root

      Password

      vro_appA_root_password

  2. Stop the Orchestrator server and the Control Center services of the embedded vRealize Orchestrator server.
    service vco-server stop && service vco-configurator stop
  3. Update the vRealize Automation certificate in the component registration with vRealize Automation for embedded vRealize Orchestrator.
    1. Verify the trusted certificate in the embedded vRealize Orchestrator trust store vco.cafe.component-registry.ssl.certificate using the command-line interface.
      /var/lib/vco/tools/configuration-cli/bin/vro-configure.sh list-trust

      The SHA1 thumbprint must match that of vRealize Automation's certificate.

    2. Run the following commands to update the trust store with the new vRealize Automation certificate.
      /var/lib/vco/tools/configuration-cli/bin/vro-configure.sh trust --uri https://vra01svr01.rainpole.local/
      /var/lib/vco/tools/configuration-cli/bin/vro-configure.sh trust --registry-certificate --uri https://vra01svr01.rainpole.local

      When prompted, press Y to accept the new certificate.

    3. After you complete both operations, verify that the trusted certificate in the embedded vRealize Orchestrator trust is updated.
      /var/lib/vco/tools/configuration-cli/bin/vro-configure.sh list-trust

      The SHA1 thumbprint must match that of vRealize Automation's certificate.

      An alias store, Alias: Imported<hash>, is created for all certificates in the chain presented from vRealize Automation.

  4. Start the Orchestrator server and the Control Center services of the built-in vRealize Orchestrator server on the vRealize Automation appliance, and verify their status.
    service vco-configurator start && service vco-server start
    service vco-configurator status && service vco-server status
  5. Repeat this process on the other vRealize Automation appliance nodes.
  6. Re-Authenticate vRealize Automation with the embedded vRealize Orchestrator
    1. Open a Web browser and go to https://vra01svr01.rainpole.local:8283/vco-controlcenter/.
    2. Log in using the following credentials.

      Setting

      Value

      User Name

      root

      Password

      vrа_root_password

    3. Click Configure Authentication Provider.
    4. In Default tenant, enter rainpole and click Change.
    5. In Admin group, enter ug-admin and click Search.
    6. From the drop-down menu, select rainpole\ug-admin and click Save Changes.
  7. Restart vRealize Orchestrator servers
    1. Open a Web browser and go to https://vra01svr01a.rainpole.local:5480
    2. Log in using the following credentials.

      Setting

      Value

      User Name

      root

      Password

      vrа_root_password

    3. Click the vRA Settings tab and click Orchestrator.
    4. Select Orchestrator server and click Restart.
    5. Select Orchestrator user interface and click Restart.
  8. Validate the embedded vRealize Orchestrator configuration.
    1. Open a Web browser and go to https://vra01svr01.rainpole.local:8283/vco-controlcenter/.
    2. Log in using the following credentials.

      Setting

      Value

      User Name

      root

      Password

      vrа_root_password

    3. Click Validate Configuration and verify that each section is validated successfully.
  9. Log in to the vRealize Business Server appliance management console.
    1. Open a Web browser and go to https://vrb01svr01.rainpole.local:5480.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      root

      Password

      vrb_server_root_password

  10. On the Registration tab, click the vRA tab, enter the following to register with the vRealize Automation server and initiate an update of a vRealize Automation certificate.

    Setting

    Value

    Hostname

    vra01svr01.rainpole.local

    SSO Default Tenant

    rainpole

    SSO Admin User

    svc-vra

    SSO Admin Password

    svc-vra_password

    Accept vRealize Automation Certificate

    Deselected

  11. Click Register to connect to vRealize Automation and update its certificate. 
  12. Wait until the SSO Status changes to The certificate of "vRealize Automation" is not trusted. Please view and accept to register.
  13. Click the View "vRealize Automation" certificate link to download the vRealize Automation certificate.
  14. Select the Accept "vRealize Automation" certificate check box and click Register.

    SSO Status changes to Connected to vRealize Automation.