You can use the vRealize Orchestrator Appliance to generate a new TLS certificate for your environment or set an existing custom certificate.
The vRealize Orchestrator Appliance includes a Transport Layer Security (TLS) certificate that is generated automatically, based on the network settings of the appliance. If the network settings of the appliance change, you must generate a new certificate manually. You can create a certificate chain to guarantee encrypted communication and provide a signature for your packages. However, the recipient cannot be sure that the self-signed package is in fact a package issued by your server and not a third party claiming to be you. To prove the identity of your server, use a certificate signed by a Certificate Authority (CA).
vRealize Orchestrator generates a server certificate that is unique to your environment. The private key is stored in the vmo_keystore table of the vRealize Orchestrator database.
Prerequisites
Verify that SSH access for the vRealize Orchestrator Appliance is enabled. See Enable or Disable SSH Access to the vRealize Orchestrator Appliance.
Procedure
- Log in to the vRealize Orchestrator Appliance command line over SSH as root.
- Run the vracli certificate ingress --generate auto --set stdin command.
- To apply the custom certificate to your vRealize Orchestrator Appliance, run the deployment script.
  - Navigate to the /opt/scripts/ directory.
    cd /opt/scripts/
  - Run the ./deploy.sh script.
    Important: Do not interrupt the deployment script. You receive the following message when the script finishes running:
    Prelude has been deployed successfully. To access, go to your_orchestrator_address
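After the deployment script finishes, you can confirm that the certificate now served matches the appliance's current host name and see whether it is self-signed. The following script is an added example, not part of the VMware procedure; it assumes openssl is installed, and the host name orchestrator.example.test and the throwaway sample certificate are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: post-deployment checks on the appliance's ingress certificate.
# The FQDN orchestrator.example.test is a constructed placeholder.

# Save the leaf certificate a TLS endpoint presents (needs network access).
fetch_cert() {  # usage: fetch_cert <fqdn> <out.pem>
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -out "$2"
}

# Create a throwaway self-signed certificate so the checks can run offline.
make_sample_cert() {  # usage: make_sample_cert <fqdn> <out.pem>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
    -keyout /dev/null -out "$2" 2>/dev/null
}

# True when subject and issuer are identical, as for a self-signed certificate.
is_self_issued() {  # usage: is_self_issued <cert.pem>
  local subject issuer
  subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253)
  issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253)
  [ "${subject#subject=}" = "${issuer#issuer=}" ]
}

# True when the certificate is valid for the given host name (SAN or CN).
matches_host() {  # usage: matches_host <cert.pem> <fqdn>
  openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match certificate'
}

# True when the certificate has not expired.
not_expired() {  # usage: not_expired <cert.pem>
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null
}

# Summarise the three checks on one line.
check_cert() {  # usage: check_cert <cert.pem> <fqdn>
  local host=no issued=ca-signed valid=expired
  matches_host "$1" "$2" && host=yes
  is_self_issued "$1" && issued=self-signed
  not_expired "$1" && valid=current
  echo "host_match=$host issuer=$issued validity=$valid"
}
```

A result of host_match=no after a network change indicates that the certificate still carries the old host name and must be generated again.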