After you update the vRealize Automation certificate, reconnect vRealize Orchestrator and vRealize Business to vRealize Automation to install the new certificate.

Procedure

  1. Log in to the first vRealize Automation appliance by using a Secure Shell (SSH) client.
    1. Open an SSH connection to the primary vRealize Automation virtual appliance vra01svr01a.rainpole.local.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      root

      Password

      vro_appA_root_password

  2. Stop the Orchestrator server and the Control Center services of the embedded vRealize Orchestrator server.
    service vco-server stop && service vco-configurator stop
  3. Update the vRealize Automation certificate in the component registration with vRealize Automation for embedded vRealize Orchestrator.
    1. Verify the trusted certificate in the embedded vRealize Orchestrator trust store vco.cafe.component-registry.ssl.certificate using the command-line interface.
      /var/lib/vco/tools/configuration-cli/bin/vro-configure.sh list-trust

      The SHA1 thumbprint must match that of vRealize Automation's certificate.

    2. Run the following commands to update the trust store with the new vRealize Automation certificate.
      /var/lib/vco/tools/configuration-cli/bin/vro-configure.sh trust --uri https://vra01svr01.rainpole.local/
      /var/lib/vco/tools/configuration-cli/bin/vro-configure.sh trust --registry-certificate --uri https://vra01svr01.rainpole.local

      When prompted, press Y to accept the new certificate.

    3. After both operations have completed, verify that the trusted certificate in the embedded vRealize Orchestrator trust store has been updated.
      /var/lib/vco/tools/configuration-cli/bin/vro-configure.sh list-trust

      The SHA1 thumbprint must match that of vRealize Automation's certificate.

      An alias store, Alias: Imported<hash>, is created for all certificates in the chain presented from vRealize Automation.

  4. Start the Orchestrator server and the Control Center services of the built-in vRealize Orchestrator server on the vRealize Automation appliance, and verify their status.
    service vco-configurator start && service vco-server start
    service vco-configurator status && service vco-server status
  5. Repeat this process on the secondary vRealize Orchestrator node.
  6. Log in to the vRealize Business Server appliance management console.
    1. Open a Web browser and go to https://vrb01svr01.rainpole.local:5480.
    2. Log in using the following credentials.

      Setting

      Value

      User name

      root

      Password

      vrb_server_root_password

  7. On the Registration tab, click the vRA tab, enter the following credentials to register with the vRealize Automation server and initiate an update of a vRealize Automation certificate.

    Setting

    Value

    Hostname

    vra01svr01.rainpole.local

    SSO Default Tenant

    rainpole

    SSO Admin User

    administrator

    SSO Admin Password

    vra_administrator_password

    Accept "vRealize Automation" certificate

    Deselected

  8. Click Register to connect to vRealize Automation and get its certificate. 

    A failure message appears at the top of the page.

  9. Wait until the SSO Status changes to The certificate of "vRealize Automation" is not trusted. Please view and accept to register.
  10. Click the View "vRealize Automation" certificate link to download the vRealize Automation certificate.
  11. Select the Accept "vRealize Automation" certificate check box and click Register.

    SSO Status changes to Connected to vRealize Automation.