Before broker agents can communicate with the vRealize Operations for Published Applications adapter, the adapter certificate must be shared with the agents, and the broker agent certificate must be shared with the adapter. The process of sharing these certificates if referred to as certificate pairing.

The following actions occur during the certificate pairing process:

  1. The broker agent's certificate is encrypted with the adapter's server key.

  2. A connection is opened to the certificate management server and the encrypted certificate is passed to the adapter instance. The adapter decrypts the broker agent's certificate by using the server key. If decryption fails, an error is returned to the broker agent.

  3. The broker agent's certificate is placed in the adapter's trust store.

  4. The adapter's certificate is encrypted with the adapter's server key.

  5. The encrypted certificate is returned to the broker agent. The broker agent decrypts the adapter's certificate by using the server key. If decryption fails, an error is returned to the user.

  6. The adapter's certificate is placed in the broker agent's trust store.

  7. The adapter's certificate is sent to all XD-XA hosts via Group Policy.

After the certificates are successfully paired, they are cached in the trust stores for each individual component. The broker certificate and the trust store are sent to all session hosts. The adapter certificate is stored in the trust store and the broker certificate is stored in the v4pa-brokeragent.jks. If you provision a new XD-XA server, the adapter's certificate is sent to the server by using the Group Policy, and you do not need to pair the certificates again. However, if either the adapter or broker agent certificate changes, you must pair the certificates again.

You use the vRealize Operations for Published Applications Broker Agent Settings wizard to pair certificates.