To communicate with other servers securely, the Orchestrator server must be able to verify their identity. For this purpose, you might need to import the SSL certificate of the remote entity to the Orchestrator trust store. To trust a certificate, you can import it to the trust store either by establishing a connection to a specific URL, or directly as a PEM-encoded file.

Prerequisites

Find the fully qualified domain name of the server to which you want Orchestrator to connect over SSL.

Procedure

  1. Log in to the Orchestrator Appliance over SSH as root.
  2. Run a command to retrieve the certificate of the remote server.
    openssl s_client -connect host_or_dns_name:secure_port
    1. If you use a nonencrypted port, use starttls and the required protocol with the openssl command.
      openssl s_client -connect host_or_dns_name:25 -starttls smtp
  3. Copy the text from the -----BEGIN CERTIFICATE----- to the -----END CERTIFICATE----- tag to a text editor and save it as a file.
  4. Log in to Control Center as root.
  5. Go to the Certificates page.
  6. On the Trusted Certificates tab, click Import and select the Import from a PEM-encoded file option.
  7. Browse to the certificate file and click Import.

Results

You have successfully imported a remote server certificate to the Orchestrator trust store.