The Package Signing Certificate is a form of digital identification that is used to guarantee encrypted communication and a signature for your Orchestrator packages.

Issued for a particular server and containing information about the server’s public key, the certificate allows you to sign all elements created in Orchestrator and guarantee authenticity. When the client receives an element from your server, typically a package, the client verifies your identity and decides whether to trust your signature.


You cannot change the server certificate by using the Orchestrator configuration interface if Orchestrator uses an embedded database. To change the server certificates without changing the database settings, you must run the configuration workflows by using either the Orchestrator client or the REST API. For more information about running the configuration workflows by using the Orchestrator client, see Using the VMware vRealize Orchestrator Plug-Ins. For detailed instructions about running the configuration workflows by using the REST API, see Configuring Orchestrator by Using the Configuration Plug-In and the REST API.