You can manage the vRealize Orchestrator certificates from the Certificates page in the vRealize Orchestrator Control Center or with the vRealize Orchestrator Client, by using the ssl_trust_manager tagged workflows .

Import a Certificate to the Orchestrator Trust Store

vRealize Orchestrator Control Center uses a secure connection to communicate with vCenter Server, relational database management system (RDBMS), LDAP, Single Sign-On, and other servers. You can import the required TLS certificate from a URL or a PEM-encoded file. Each time you want to use a TLS connection to a server instance, you must import the corresponding certificate from the Trusted Certificates tab on the Certificates page and import the corresponding TLS certificate.

You can load the TLS certificate in vRealize Orchestrator from a URL address or a PEM-encoded file.
Option Description
Import from URL or proxy URL

The URL of the remote server:

https://your_server_IP_address or your_server_IP_address:port

Import from file

Path to the PEM-encoded certificate file.

Note: You can also import a trusted certificate by running the Import a trusted certificate from a file workflow in the vRealize Orchestrator Client. The file imported through this workflow must be DER-encoded.
For more information on importing a certificate, see Import a Trusted Certificate with the Control Center.

Package Signing Certificate

Packages exported from an vRealize Orchestrator server are digitally signed. Import, export, or generate a new certificate to be used for signing packages. Package signing certificates are a form of digital identification that is used to guarantee encrypted communication and a signature for your Orchestrator packages.

The vRealize Orchestrator Appliance includes a package signing certificate that is generated automatically, based on the network settings of the appliance. If the network settings of the appliance change, you must generate a new package signing certificate manually. After generating a new package signing certificate, all future exported packages are signed with the new certificate.