If you update or change vRealize Automation appliance or IaaS certificates, you must update vRealize Orchestrator to trust the new or updated certificates.

This procedure applies to vRealize Automation deployments that use an external vRealize Orchestrator instance.


This procedure resets tenant and group authentication back to the default settings. If you have customized your authentication configuration, note your changes so that you can re-configure authentication after completing the procedure.

See the vRealize Orchestrator documentation for information about updating and replacing vRealize Orchestrator certificates.

If you replace or update vRealize Automation certificates without completing this procedure, the vRealize Orchestrator Control Center may be inaccessible, and errors may appear in the vco-server and vco-configurator log files.

Problems with updating certificates can also occur if vRealize Orchestrator is configured to authenticate against a different tenant and group than vRealize Automation. See https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2147612.


  1. Stop the vRealize Orchestrator server and Control Center services.

    service vco-configuration stop

  2. Reset the vRealize Orchestrator authentication provider.

    /var/lib/vco/tools/configuration-cli/bin/vro-configure.sh reset-authentication

  3. Start the vRealize Orchestrator Control Center service.

    service vco-configurator start

  4. Log in to the Control Center using virtual appliance management interface root credentials.
  5. Unregister and re-register the authentication provider.