The server certificate private key is stored in the vmo_keystore table of the Orchestrator database. In case you lose or delete this key, or if you bind the Orchestrator server to a different database, the contents of the exported packages signed with this certificate become unavailable. To ensure that packages are decrypted on import, you must save this key to a local file.


You must have created or imported a server certificate.


  1. Log in to the Orchestrator configuration interface as vmware.
  2. Click Server Certificate.
  3. Click Export certificate database.
  4. Type a password to encrypt the content of the exported keystore database.

    You must enter this password again when importing the file.

  5. Click Export.
  6. Save the vmo-server.vmokeystore file when prompted.