Create VMCA signed vRO Certificate

Creating a certificate for vRO is a good idea, and it is even easier if you use the VMCA (VMware Certificate Authority) that is part of the PSC (Platform Services Controller).

The cool thing is that if you have used your own enterprise CA to make the VMCA a subordinate certificate authority (kb.vmware.com/kb/2111219), then your CA trusts your VMCA and the VMCA trusts vRO, so the vRO certificate chains up to your enterprise root.

If you don't have a CA, you can export the VMCA root certificate and import it into the trusted root certificates on your computer. As a result, the certificates for vCenter and all ESXi server URLs are trusted automatically. (See VMware Certificate Authority overview and using VMCA Root Certificates in a browser.)

1. Open an SSH connection to your PSC (or to vCenter if your PSC is installed with the vCenter)

2. Create a config file /tmp/vro.conf with content similar to this:

Country = DE

Name = vro

Organization = vLeet GmbH

OrgUnit = Consulting

State = Bayern

Locality = Munich

IPAddress = 192.168.220.12

Email = daniel.langenhan@vleet.de

Hostname = vro.mylab.local

3. Run the following commands to generate a certificate using the VMCA

cd /usr/lib/vmware-vmca/bin/

./certool --genkey --privkey=/tmp/vro.prikey --pubkey=/tmp/vro.pubkey

./certool --gencert --privkey=/tmp/vro.prikey --cert=/tmp/vro.cert --config /tmp/vro.conf

4. Download the VMCA root certificate

wget https://127.0.0.1/certs/download --no-check-certificate -O /tmp/vmca.zip

5. Build the .pem file

cd /tmp

unzip vmca.zip

awk 1 vro.prikey vro.cert certs/6bc2e122.0 >vro.pem

6. Use SCP to download the .pem file to your local computer

7. Open the Orchestrator Control Center, click on Certificates and select Orchestrator Server SSL Certificate

8. Click on Import and select the .pem file to import.

9. Click Import again and then reboot the appliance.
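
Before importing the bundle in step 8, it is worth confirming that the .pem from step 5 is consistent: the private key belongs to the certificate, the certificate verifies against the VMCA root, and the hostname is covered. The following is an added example, not part of the original article; it assumes the openssl CLI is available, and the function names and the throwaway root used as test data are constructed for illustration.

```shell
# check_pem_bundle <bundle.pem> <root.crt> <hostname>; returns 0 only if all pass.
check_pem_bundle() {
    cb_pem=$1; cb_root=$2; cb_host=$3; cb_rc=0
    cb_tmp=$(mktemp -d) || return 2
    # openssl x509 reads the first CERTIFICATE block, which is the server cert.
    if ! openssl x509 -in "$cb_pem" -out "$cb_tmp/leaf.crt" 2>/dev/null; then
        echo "FAIL: no certificate in $cb_pem"; rm -rf "$cb_tmp"; return 1
    fi
    # 1. The private key in the bundle must belong to that certificate.
    cb_kpub=$(openssl pkey -in "$cb_pem" -pubout 2>/dev/null) || cb_kpub=
    cb_cpub=$(openssl x509 -in "$cb_tmp/leaf.crt" -noout -pubkey)
    if [ -z "$cb_kpub" ] || [ "$cb_kpub" != "$cb_cpub" ]; then
        echo "FAIL: private key does not match certificate"; cb_rc=1
    fi
    # 2. The certificate must verify against the root you expect (the VMCA root).
    if ! openssl verify -CAfile "$cb_root" "$cb_tmp/leaf.crt" >/dev/null 2>&1; then
        echo "FAIL: certificate does not chain to $cb_root"; cb_rc=1
    fi
    # 3. The hostname clients will use must be covered by the certificate.
    if ! openssl x509 -in "$cb_tmp/leaf.crt" -noout -checkhost "$cb_host" 2>&1 |
            grep -q 'does match'; then
        echo "FAIL: certificate does not cover $cb_host"; cb_rc=1
    fi
    rm -rf "$cb_tmp"
    return $cb_rc
}

# Constructed test data: a throwaway root standing in for the VMCA root, a leaf
# for the hostname/IP in the sample vro.conf, and a bundle with an unrelated key.
# umask 077 keeps the generated files private, since they include private keys.
make_constructed_bundle() {   # make_constructed_bundle <dir>
    ( cd "$1" && umask 077 &&
      printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\nprompt=no\n[dn]\nCN=Constructed root\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > ca.cnf &&
      printf 'subjectAltName=DNS:vro.mylab.local,IP:192.168.220.12\n' > san.ext &&
      openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -keyout ca.key -out root.crt -days 2 &&
      openssl req -new -newkey rsa:2048 -nodes -config ca.cnf -subj /CN=vro.mylab.local -keyout vro.prikey -out vro.csr &&
      openssl x509 -req -in vro.csr -CA root.crt -CAkey ca.key -CAcreateserial -out vro.cert -days 2 -extfile san.ext &&
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out other.key &&
      awk 1 vro.prikey vro.cert root.crt > vro.pem &&
      awk 1 other.key vro.cert root.crt > mismatched.pem
    ) >/dev/null 2>&1
}

# Demo on the constructed data. On the PSC the call would be:
#   check_pem_bundle /tmp/vro.pem /tmp/certs/6bc2e122.0 vro.mylab.local
demo=$(mktemp -d) && make_constructed_bundle "$demo" &&
    check_pem_bundle "$demo/vro.pem" "$demo/root.crt" vro.mylab.local && echo "bundle OK"
rm -rf "$demo"
```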

This is just ONE of the new updates in the upcoming vRealize Orchestrator Cookbook 2nd Edition. Check my website (Langenhan.info) for more information.

Last update: 06-26-2016 04:51 AM