If you want to sign your packages with a server certificate different from the one you used for the initial Orchestrator configuration, you must export all your packages and change the Orchestrator database.

This workflow describes the process to change the Orchestrator self-signed certificate.

  1. Export all your packages by using the Orchestrator client.

    1. Select Administer from the drop-down menu in the left upper corner of the Orchestrator client.

    2. Click the Packages view.

    3. Right-click the package to export and select Export package.

    4. Browse to select a location to save the package to and click Save.

    5. Leave the View content, Add to package, and Edit contents options selected.

      Caution:

      Do not sign the package with your current certificate. You must not encrypt the package. When you delete the certificate database, the private key is lost and the contents of the exported package become unavailable.

    6. Deselect the Export the values of the configuration settings check box if you do not want to export the values of the configuration elements attributes in the package.

    7. Deselect the Export version history check box if you do not want to export the version history.

    8. Click Save.

  2. Create a new database and configure Orchestrator to work with it.

    You configure the Orchestrator database connection by using the Orchestrator configuration interface. For more information about setting up the Orchestrator database, see Configure the Database Connection.

  3. Export the Orchestrator configuration to back up your configuration data in case you want to use the old database and the old SSL certificate.

    You can export the Orchestrator configuration by using the Orchestrator configuration interface. For more information, see Export the Orchestrator Configuration.

  4. Back up your database if you want to retain the old data.

    The database that you bind Orchestrator to must not contain records in the vmo_keystore table.

  5. Create a new self-signed certificate or import a server certificate signed by a certification authority.

    You can create and import self-signed certificates by using the Orchestrator configuration interface. For more information, see Server Certificate.

  6. Import your license keys.

    You can configure the license settings from the Orchestrator configuration interface. For more information, see Import the vCenter Server License.

  7. Reinstall the default Orchestrator plug-ins.

    1. On the Orchestrator configuration interface, click the Troubleshooting tab.

    2. Click the Reset current version link.

  8. Restart the Orchestrator server.

    1. On the Orchestrator configuration interface, click the Startup options tab.

    2. Click the Restart service link.

  9. Reimport your packages.

    1. Select Administer from the drop-down menu in the left upper corner of the Orchestrator client.

    2. Click the Packages view.

    3. Right-click under the available packages, and from the pop-up menu, select Import package.

    4. Browse to the package to import and click Open.

    5. Click Import or Import and trust provider.

    6. Deselect the Import the values of the configuration settings check box if you do not want to import the values of the configuration elements attributes from the package.

    7. Click Import checked elements.

The server certificate change is effective at the next package export.