Set a custom TLS Certificate for your vRealize Orchestrator Appliance.
The vRealize Orchestrator Appliance includes a Transport Layer Security (TLS) certificate that is generated automatically, based on the network settings of the appliance.
You can configure your vRealize Orchestrator Appliance to use an existing custom TLS certificate. You can set the certificate by importing the relevant PEM file from your local machine into the vRealize Orchestrator Appliance. You can also set your custom TLS certificate by copying the certificate chain directly into the vRealize Orchestrator Appliance. Both procedures require you to run the ./deploy.sh script before the new TLS certificate can be used in your vRealize Orchestrator deployment.
For information on generating a new custom TLS certificate, see Generate a Custom TLS Certificate for vRealize Orchestrator.
Prerequisites
- Verify that SSH access for the vRealize Orchestrator Appliance is enabled. See Enable or Disable SSH Access to the vRealize Orchestrator Appliance.
- Verify that the PEM file containing the TLS certificate contains the following components in the set order:
  - The private key for the certificate.
  - The primary certificate.
  - If applicable, the Certificate Authority (CA) intermediate certificate or certificates.
  - The root CA certificate.
For example, the TLS certificate can have the following structure:

    -----BEGIN RSA PRIVATE KEY-----
    <Private Key>
    -----END RSA PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    <Primary TLS certificate>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <Intermediate certificate>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <Root CA certificate>
    -----END CERTIFICATE-----
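An added example, not part of the VMware documentation: a Python check of the block order listed in the prerequisites, intended to run on your local machine before you import the file. The function names and the sample bundle are constructed for illustration, and the check covers layout only; it does not confirm that the key matches the primary certificate or that the chain verifies.

```python
import base64
import binascii
import re

# One PEM block; the END label must repeat the BEGIN label.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def check_pem_bundle(text):
    """Return a list of layout problems; an empty list means the order matches the prerequisite."""
    problems = []
    blocks = PEM_BLOCK.findall(text)
    if text.count("-----BEGIN ") != len(blocks):
        problems.append("a BEGIN line has no matching END line")
    if not blocks:
        return problems + ["no PEM blocks found"]
    for pos, (label, body) in enumerate(blocks, start=1):
        expected = "PRIVATE KEY" if pos == 1 else "CERTIFICATE"
        # Slot 1 accepts 'RSA PRIVATE KEY', 'EC PRIVATE KEY' and PKCS#8 'PRIVATE KEY'.
        ok = label.endswith(expected) if pos == 1 else label == expected
        if not ok:
            problems.append("block %d is '%s', expected %s" % (pos, label, expected))
        # Skip RFC 1421 style header lines (encrypted legacy keys), then decode the payload.
        payload = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        try:
            if not base64.b64decode(payload, validate=True):
                problems.append("block %d is empty" % pos)
        except binascii.Error:
            problems.append("block %d is not valid base64" % pos)
    if len(blocks) < 3:
        # Key + primary + root CA is the minimum the prerequisite list describes.
        problems.append("expected a key and at least two certificates, found %d blocks" % len(blocks))
    return problems

def sample_block(label, payload):
    """Build a constructed PEM block from arbitrary bytes (not a real key or certificate)."""
    b64 = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)

if __name__ == "__main__":
    good = (sample_block("RSA PRIVATE KEY", b"constructed key")
            + sample_block("CERTIFICATE", b"constructed primary")
            + sample_block("CERTIFICATE", b"constructed intermediate")
            + sample_block("CERTIFICATE", b"constructed root"))
    print(check_pem_bundle(good) or "layout OK")
```

To check a real file, pass its contents to `check_pem_bundle` and review every message it returns before importing the file into the appliance.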
Procedure
Results
You have set a custom TLS certificate for your vRealize Orchestrator Appliance.
What to do next
To confirm that the new certificate chain is applied, run the vracli certificate ingress --list command.