Broker and desktop message servers use a self-signed certificate generated by the Horizon Adapter for authentication with agents. You can replace this self-signed certificate with a certificate that is signed by a valid certificate authority.

Prerequisites

  • Obtain the keystore passwords from the msgserver.properties file on the vRealize Operations Manager node where the adapter instance is running.

  • Become familiar with the Java keytool utility. For related documentation, visit the Oracle Help Center.

Procedure

  1. Log in to the vRealize Operations Manager node where the adapter instance is running and open the /usr/lib/vmware-vcops/user/plugins/inbound/V4V_adapter3/work directory.
  2. Run the keytool utility with the -genkeypair option to generate a new self-signed certificate for the Horizon Adapter.

    Because the default self-signed certificate is issued to VMware, you must generate a new self-signed certificate before you can request a signed certificate. The signed certificate must be issued to your organization.

    keytool -genkeypair -alias v4v-adapter -dname dn-of-org -keystore v4v-adapter.jks

    dn-of-org is the distinguished name of the organization to which the certificate is issued, for example, "OU=Management Platform, O=VMware\, Inc., C=US".

  3. Run the keytool utility with the -certreq option to generate a certificate signing request.
    keytool -certreq -alias v4v-adapter -file certificate-request-file -keystore v4v-adapter.jks
  4. Upload the certificate signing request to a certificate authority and request a signed certificate.

    If the certificate authority requests a password for the certificate private key, use the password configured for the certificate store.

  5. After the certificate authority returns a signed certificate, copy the certificate file to the /usr/lib/vmware-vcops/user/plugins/inbound/V4V_adapter3/work directory.
  6. Run the keytool utility with the -import option to import the new certificate.
    keytool -import -alias v4v-adapter -file new-certificate-filename -keystore v4v-adapter.jks
  7. Restart the Horizon Adapter service.
    service vmware-vcops restart

    The broker and desktop message servers on the adapter instance now use the signed certificate that you imported.

  8. Pair broker agents with the adapter instance again.
    1. Log in to the Horizon Connection Server host where the broker agent is installed using a domain account that is part of the local administrators group.
    2. Select Start > VMware > vRealize Operations for Horizon Broker Agent Settings.
    3. Confirm the port and server key and click Pair.
    4. Click Next until the Ready To Complete page is displayed and click Finish.
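
To confirm that the import in step 6 replaced the self-signed certificate on the v4v-adapter key entry, you can inspect the output of keytool -list -v. The following script is an added example, not part of the original procedure or of VMware's tooling. It assumes English-locale keytool output; the function names, the signed-cert alias, and the sample listings are constructed for illustration.

```shell
# Classify one alias from `keytool -list -v` output read on stdin.
# Real use, run in the adapter work directory:
#   keytool -list -v -keystore v4v-adapter.jks | classify_entry v4v-adapter
classify_entry() {
    awk -v want="$1" '
        /^Alias name: / { cur = substr($0, 13); next }
        cur != want     { next }
        /^Entry type: / { type = substr($0, 13) }
        # The first Owner/Issuer pair belongs to the end-entity certificate.
        /^Owner: /  && owner == ""  { owner = substr($0, 8) }
        /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
        END {
            if (type == "")                     print "alias-missing"
            else if (type != "PrivateKeyEntry") print "not-a-key-entry"
            else if (owner == issuer)           print "self-signed"
            else                                print "ca-signed"
        }'
}

# Constructed listing: state after step 6 with the reply imported correctly.
listing_signed() { cat <<'EOF'
Alias name: v4v-adapter
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: OU=Management Platform, O=Example Org, C=US
Issuer: CN=Example Issuing CA, O=Example CA, C=US
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example CA, C=US
Issuer: CN=Example Issuing CA, O=Example CA, C=US
EOF
}

# Constructed listing: reply imported under a different alias by mistake, so
# the key entry is still self-signed and the reply is only a trusted cert.
listing_wrong_alias() { cat <<'EOF'
Alias name: v4v-adapter
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: OU=Management Platform, O=Example Org, C=US
Issuer: OU=Management Platform, O=Example Org, C=US
Alias name: signed-cert
Entry type: trustedCertEntry
Owner: OU=Management Platform, O=Example Org, C=US
Issuer: CN=Example Issuing CA, O=Example CA, C=US
EOF
}
listing_signed      | classify_entry v4v-adapter   # ca-signed
listing_wrong_alias | classify_entry v4v-adapter   # self-signed
```

A result other than ca-signed for v4v-adapter means the message servers would still present the self-signed certificate after the restart in step 7.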