If you update or change vRealize Automation appliance or IaaS certificates, you must update vRealize Orchestrator to trust the new or updated certificates.

This procedure applies to all vRealize Automation deployments that use an embedded vRealize Orchestrator instance. If you use an external vRealize Orchestrator instance, see Update External vRealize Orchestrator to Trust vRealize Automation Certificates.

Note: This procedure resets tenant and group authentication back to the default settings. If you have customized your authentication configuration, note your changes so that you can re-configure authentication after completing the procedure.

See the vRealize Orchestrator documentation for information about updating and replacing vRealize Orchestrator certificates.

If you replace or update vRealize Automation certificates without completing this procedure, the vRealize Orchestrator Control Center may be inaccessible, and errors may appear in the vco-server and vco-configurator log files.

Problems with updating certificates can also occur if vRealize Orchestrator is configured to authenticate against a different tenant and group than vRealize Automation. See https://kb.vmware.com/kb/2147612.


  1. Stop the vRealize Orchestrator server and Control Center services.
    service vco-server stop
    service vco-configurator stop
  2. Reset the vRealize Orchestrator authentication provider.
    1. Run the /var/lib/vco/tools/configuration-cli/bin/vro-configure.sh reset-authentication command.
    2. Delete /etc/vco/app-server/vco-registration-id.
    3. Run the vcac-vami vco-service-reconfigure command.
  3. Start the vRealize Orchestrator server and Control Center services.
    service vco-server start
    service vco-configurator start
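
The three steps above wrapped in a script, as an added example that is not part of the VMware procedure: it defaults to a dry run that only prints the commands, copies the registration id file aside before deleting it, and stops at the first command that fails. The backup directory, the `run` argument, the environment variable names and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not VMware-supplied code. Run as root on the appliance.
# DRY_RUN=1 (default) only prints each command; DRY_RUN=0 executes it.
DRY_RUN="${DRY_RUN:-1}"
VRO_CFG=/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh
REG_ID="${REG_ID:-/etc/vco/app-server/vco-registration-id}"
BACKUP_DIR="${BACKUP_DIR:-/root/vro-trust-backup}"  # assumed location, not from the page

# Print the command in dry-run mode, otherwise log and execute it.
step() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "would run: $*"
    else
        echo "running: $*"
        "$@"
    fi
}

# Keep a timestamped copy of the registration id before it is deleted.
backup_registration_id() {
    [ -f "$REG_ID" ] || return 0   # nothing to back up
    step mkdir -p "$BACKUP_DIR" &&
    step cp -p "$REG_ID" "$BACKUP_DIR/vco-registration-id.$(date +%Y%m%d%H%M%S)"
}

# Steps 1-3 in the documented order. The && chain stops at the first
# failing command, so the services are not started after a failed reset.
retrust_vra_certificates() {
    step service vco-server stop &&
    step service vco-configurator stop &&
    backup_registration_id &&
    step "$VRO_CFG" reset-authentication &&
    step rm -f "$REG_ID" &&
    step vcac-vami vco-service-reconfigure &&
    step service vco-server start &&
    step service vco-configurator start
}

# Nothing happens unless the script is called with "run".
if [ "${1:-}" = run ]; then
    retrust_vra_certificates
fi
```

Call the script with `run` to print the plan, and with `DRY_RUN=0` set in the environment to apply it.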