Using vRO 5.5.2, I have replaced the default certificate with one signed by an internal Microsoft CA. If I navigate via a web browser to the URL https://vroserver.fqdn:8281 the certificate behaves correctly: I don't get prompted about the certificate before viewing the site and can view the certificate successfully in the browser.
So that all looks good. However, when I connect from the same client machine with the vRO client I get prompted with the below:
The below KB suggests (near the bottom of the article) that:
If your Orchestrator SSL certificate is issued from a CA not imported in the Orchestrator keystore, you might receive warning certificate messages when you try to connect the Orchestrator client to the Orchestrator server. To fix that, add your root CA certificate to the Orchestrator keystore on the machine on which the Orchestrator client is installed.
and then steps to register the root CA certificate with the client.
However, the path ‘orchestrator_installation_directory\jre\lib\security\jssecacerts.’ doesn’t seem to exist.
Any ideas?
Hi,
check this out:
http://kaloferov.com/blog/how-to-change-the-ssl-certificate-of-a-vco-appliance/
BR
Best Regards / Поздрави
Spas Kaloferov | Technical Solutions Architect
Thank you, but I have already been through that process (or similar) via other sources on the web. My issue is that the certificate behaves correctly through a web browser (as per the test in your blog page), but not on the vRO Client.
Can you post a screenshot of the [Certification path] tab of the certificate?
Here you go:
You've said you've followed the article above. Did your PFX package also contain the sunnydale-DC01-CA certificate?
BR,
Spas Kaloferov
I have now been back, started from scratch using your guide rather than the others I used previously, specifically scenario 1 and get the same result. I can happily navigate with a web browser to the vCO server and the certificate looks fine, however the vCO client still prompts about the certificate.
To answer your question about pfx, I am not using a pfx since that is not mentioned in scenario 1 of your guide.
To me it still looks like the issue is with the vCO client as I mentioned earlier referencing this KB:
However, I am unable to carry out the solution since the path to the Orchestrator keystore on the client machine does not appear to exist.
Hi,
I actually sent you the link for the vCO Appliance. Here is the one for the Windows vCO.
How to change the SSL certificate of Windows installed vCO
http://kaloferov.com/blog/how-to-change-the-ssl-certificate-of-windows-installed-vco/
Anyway, the warning you get in the vCO Client after you change the certificate is expected. Just select to install it and ignore the message. Next time you log in you will not receive it, because the vCO Client will be trusting the certificate this time.
BR,
Spas Kaloferov.