Broker agents use a self-signed certificate by default for authentication with the Horizon Adapter. You can replace this self-signed certificate with a certificate that is signed by a valid certificate authority.
Prerequisites
- Obtain the keystore passwords from the msgclient.properties file on the vRealize Operations Manager node where the adapter instance is running.
- Become familiar with the Java keytool utility. For related documentation, visit the Oracle Help Center.
- Add the keytool utility to the system path on the host where the broker agent is installed.
Procedure
- Log in to the Horizon Connection Server host where the broker agent is installed and open the C:\ProgramData\VMware\vRealize Operations for Horizon\Broker Agent\conf directory.
- Run the keytool utility with the -genkeypair option to generate a new self-signed certificate for the broker agent.
Because the default self-signed certificate is issued to VMware, you must generate a new self-signed certificate before you request a signed certificate. The signed certificate must be issued to your organization.
keytool -genkeypair -alias v4v-brokeragent -dname dn-of-org -keystore v4v-brokeragent.jks
dn-of-org is the distinguished name of the organization to which the certificate is issued, for example, "OU=Management Platform, O=VMware\, Inc., C=US".
- Run the keytool utility with the -certreq option to generate a certificate signing request.
keytool -certreq -alias v4v-brokeragent -file cert-request-file -keystore v4v-brokeragent.jks
- Upload the certificate signing request to a certificate authority and request a signed certificate.
If the certificate authority requests a password for the certificate private key, use the password configured for the certificate store.
- After the certificate authority returns a signed certificate, copy the certificate file to the C:\ProgramData\VMware\vRealize Operations for Horizon\Broker Agent\conf directory.
- Run the keytool utility with the -import option to import the new certificate.
keytool -import -alias v4v-brokeragent -file new-certificate-filename -keystore v4v-brokeragent.jks
- Run the keytool utility with the -import option again to import the root certificate of the certificate authority.
keytool -import -alias alias-name -file root-cert-name -keystore v4v-truststore.jks -trustcacerts
- Restart the broker agent service.
  - Select .
  - Click Next until the Broker Agent Service page is displayed and then click Restart.
  The broker agent now uses the signed certificate that you imported.
- Pair the broker agent with the adapter instance again.
  - Click Back until the Pair Adapter page is displayed.
  - Confirm the port and server key and click Pair.
  - Click Next until the Ready To Complete page is displayed and click Finish.
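The following PowerShell check confirms that the import steps above left a CA-signed certificate bound to the broker agent's private key and that its issuer is present in the truststore. It is an added example, not part of the original procedure or VMware's code. It assumes keytool is on the path, keytool prints English labels, and the keystore and truststore passwords from msgclient.properties have been placed in the session environment variables KS_PASS and TS_PASS (hypothetical names).

```powershell
# Added example, not VMware's code. Assumes keytool on PATH, English keytool output,
# and passwords in the session variables KS_PASS and TS_PASS (hypothetical names).
$conf = 'C:\ProgramData\VMware\vRealize Operations for Horizon\Broker Agent\conf'

function Get-KeytoolListing {
    param([string]$Store, [string]$PassVar, [string]$Alias)
    # -storepass:env reads the password from the environment, keeping it off the command line.
    $ktArgs = @('-list', '-v', '-keystore', (Join-Path $conf $Store), '-storepass:env', $PassVar)
    if ($Alias) { $ktArgs += @('-alias', $Alias) }
    $out = & keytool @ktArgs 2>&1 | ForEach-Object { "$_" }
    if ($LASTEXITCODE -ne 0) { throw "keytool failed on ${Store}: $($out -join ' ')" }
    return $out
}

function Get-Field {
    param([string[]]$Lines, [string]$Name)
    # First "Name: value" line; in a certificate chain that is Certificate[1], the leaf.
    foreach ($line in $Lines) {
        if ($line -match "^$([regex]::Escape($Name)):\s*(.+)$") { return $Matches[1].Trim() }
    }
    return $null
}

$entry  = Get-KeytoolListing 'v4v-brokeragent.jks' 'KS_PASS' 'v4v-brokeragent'
$type   = Get-Field $entry 'Entry type'
$owner  = Get-Field $entry 'Owner'
$issuer = Get-Field $entry 'Issuer'
$chain  = Get-Field $entry 'Certificate chain length'

$problems = @()
if ($type -ne 'PrivateKeyEntry') {
    $problems += "entry type is '$type'; the CA reply was not bound to the private key"
}
if (-not $owner -or $owner -eq $issuer) {
    $problems += 'leaf certificate is still self-signed (Owner equals Issuer)'
}

# Subjects of every certificate in the truststore; the leaf's issuer should be
# among them when the imported root signed the certificate directly.
$trusted = Get-KeytoolListing 'v4v-truststore.jks' 'TS_PASS' |
    Where-Object { $_ -match '^Owner:\s*' } |
    ForEach-Object { ($_ -replace '^Owner:\s*', '').Trim() }
if ($trusted -notcontains $issuer) {
    $problems += "issuer '$issuer' not in v4v-truststore.jks (expected only if an intermediate CA signed it)"
}

"Owner:  $owner"; "Issuer: $issuer"; "Chain length: $chain"
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { 'v4v-brokeragent holds a CA-signed certificate and its issuer is trusted.' }
```

Clear KS_PASS and TS_PASS from the session after the check so the passwords do not linger in the environment.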