You can manage the vRealize Orchestrator certificates from the Certificates page in the vRealize Orchestrator Control Center or with the vRealize Orchestrator Client, by using the ssl_trust_manager tagged workflows.
Import a Certificate to the Orchestrator Trust Store
vRealize Orchestrator Control Center uses a secure connection to communicate with vCenter, relational database management system (RDBMS), LDAP, Single Sign-On, and other servers. You can import the required TLS certificate from a URL or a PEM-encoded file. Each time you want to use a TLS connection to a server instance, you must import the corresponding TLS certificate from the Trusted Certificates tab on the Certificates page.
Option | Description |
---|---|
Import from URL or proxy URL | The URL of the remote server: https://your_server_IP_address or your_server_IP_address:port |
Import from file | Path to the PEM-encoded certificate file. Note: You can also import a trusted certificate by running the Import a trusted certificate from a file workflow in the vRealize Orchestrator Client. The file imported through this workflow must be DER-encoded. |
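The two file-import paths above expect different encodings: PEM in Control Center, DER in the client workflow. The following is an added example, not VMware code: it converts a certificate file to the encoding the chosen path needs and returns a SHA-256 fingerprint to compare with a value obtained out of band before the certificate is trusted. The function names and the sample bytes are assumptions constructed for illustration.

```python
import hashlib
import ssl

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

# Constructed placeholder bytes shaped like a DER SEQUENCE; not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def to_der(data: bytes) -> bytes:
    """Return DER bytes whether the input file content is PEM or DER."""
    text = data.lstrip()
    if text.startswith(PEM_HEADER.encode("ascii")):
        pem = text.decode("ascii")
        # Use only the first certificate block; a chain file may hold several.
        end = pem.index(PEM_FOOTER) + len(PEM_FOOTER)
        return ssl.PEM_cert_to_DER_cert(pem[:end])
    if data[:1] == b"\x30":  # DER certificates begin with an ASN.1 SEQUENCE tag
        return data
    raise ValueError("input is neither a PEM nor a DER certificate")


def prepare(data: bytes, target: str):
    """Convert a certificate to the encoding an import path expects.

    target 'pem': file import on the Control Center Certificates page.
    target 'der': the 'Import a trusted certificate from a file' workflow.
    Returns (encoded_bytes, sha256_fingerprint). The fingerprint is computed
    over the DER form, so it is the same for either encoding.
    """
    der = to_der(data)
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    if target == "der":
        return der, fingerprint
    if target == "pem":
        return ssl.DER_cert_to_PEM_cert(der).encode("ascii"), fingerprint
    raise ValueError("target must be 'pem' or 'der'")


if __name__ == "__main__":
    pem_bytes, fp = prepare(SAMPLE_DER, "pem")
    print(fp)
    print(pem_bytes.decode("ascii"))
```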
Package Signing Certificate
Packages exported from a vRealize Orchestrator server are digitally signed. Import, export, or generate a new certificate to be used for signing packages. Package signing certificates are a form of digital identification that is used to guarantee encrypted communication and a signature for your Orchestrator packages.
The vRealize Orchestrator Appliance includes a package signing certificate that is generated automatically, based on the network settings of the appliance. If the network settings of the appliance change, you must generate a new package signing certificate manually. After generating a new package signing certificate, all future exported packages are signed with the new certificate.