When an RMI connection is established between the desktop message server and a desktop agent, or between the broker message server and a broker agent, the agent requests a certificate from the server to perform authentication. This certificate is validated against the agent's trust store before proceeding with the connection. If the server does not provide a certificate, or the server certificate cannot be validated, the connection is rejected.

When the vRealize Operations for Published Applications adapter is first installed, a self-signed certificate is generated. The desktop message server and broker message server use this self-signed certificate by default to authenticate to their agents. Because this certificate is generated dynamically, you must manually pair the vRealize Operations for Published Applications adapter and broker agent before the agents can communicate with the vRealize Operations for Published Applications adapter. See Certificate Pairing.