Broker agents use a self-signed certificate by default for authentication with the Horizon Adapter. You can replace this self-signed certificate with a certificate that is signed by a valid certificate authority.
Obtain the keystore passwords from the msgclient.properties file on the vRealize Operations Manager node where the adapter instance is running.
Become familiar with the Java keytool utility. For related documentation, visit the Oracle Help Center.
Add the keytool utility to the system path on the host where the broker agent is installed.
- Log in to the Horizon Connection Server host where the broker agent is installed and open the C:\ProgramData\VMware\vRealize Operations for Horizon\Broker Agent\conf directory.
- Run the keytool utility with the -genkeypair option to generate a new self-signed certificate for the broker agent.
Because the default self-signed certificate is issued to VMware, you must generate a new self-signed certificate before you request a signed certificate. The signed certificate must be issued to your organization.
keytool -genkeypair -alias v4v-brokeragent -dname dn-of-org -keystore v4v-brokeragent.jks
dn-of-org is the distinguished name of the organization to which the certificate is issued, for example, "OU=Management Platform, O=VMware\, Inc., C=US".
- Run the keytool utility with the -certreq option to generate a certificate signing request.
keytool -certreq -alias v4v-brokeragent -file cert-request-file -keystore v4v-brokeragent.jks
- Upload the certificate signing request to a certificate authority and request a signed certificate.
If the certificate authority requests a password for the certificate private key, use the password configured for the certificate store.
- After the certificate authority returns a signed certificate, copy the certificate file to the C:\ProgramData\VMware\vRealize Operations for Horizon\Broker Agent\conf directory.
- Run the keytool utility with the -import option to import the new certificate.
keytool -import -alias v4v-brokeragent -file new-certificate-filename -keystore v4v-brokeragent.jks
- Run the keytool utility with the -import option again to import the root certificate of the certificate authority.
keytool -import -alias alias-name -file root-cert-name -keystore v4v-truststore.jks -trustcacerts
- Restart the broker agent service.
- Select .
- Click Next until the Broker Agent Service page is displayed and then click Restart.
The broker agent now uses the signed certificate that you imported.
- Pair the broker agent with the adapter instance again.
- Click Back until the Pair Adapter page is displayed.
- Confirm the port and server key and click Pair.
- Click Next until the Ready To Complete page is displayed and click Finish.