The Orchestrator Appliance uses light-httpd to run its own management site. You can change the SSL certificate of the Orchestrator Appliance management site, for example if your company security policy requires you to use its SSL certificates.

Prerequisites

By default the Orchestrator Appliance SSL certificate and private key are stored in a PEM file, which is located at: /opt/vmware/etc/lighttpd/server.pem. To install a new certificate, ensure that you export your new SSL certificate and private key from the Java keystore to a PEM file.

Procedure

  1. Log in to the Orchestrator Appliance Linux console as root.
  2. Locate the /opt/vmware/etc/lighttpd/lighttpd.conf file and open it in an editor.
  3. Find the following line:
    #### SSL engine
    ssl.engine = "enable"
    ssl.pemfile = "/opt/vmware/etc/lighttpd/server.pem"
  4. Change the ssl.pemfile attribute to point to the PEM file containing your new SSL certificate and private key.
  5. Save the lighttpd.conf file.
  6. Run the following command to restart the light-httpd server.

    service vami-lighttp restart

Results

You successfully changed the certificate of the Orchestrator Appliance management site.