VMware Cloud Community
SpasKaloferov
VMware Employee

Blog post "How to change the SSL certificate of Windows installed vCO"

In this post we will look at the certificate replacement process for vCenter Orchestrator (vCO)/vRealize Orchestrator (vRO) installed on Windows. As a basis we will use the great post by Burke Azbill (Work with vCO over SSL) from the vCO Team. Also, special thanks to Nick Jacques for figuring out some of the content. In this example we will show how to install a third-party certificate in order to work with vCO over SSL. We will be using vCO version 5.5.2, but the process is the same for previous versions of vCO, with the exception that the paths to the keystores or to keytool might have changed.

  Generally there are two scenarios you might see related to the vCO/vRO SSL certificates.

Scenario 1:

  In the first scenario you use the existing private key of the existing vCO/vRO self-signed certificate (with alias dunes) and the existing keystore. With this private key you generate a certificate request, which a Certificate Authority (CA) then uses to generate the certificate. You then import this certificate into the existing keystore together with the certificates of all Certificate Authorities up to the root of the certificate chain. For example, if you have the usual 3-tier hierarchy of Root CA, Intermediate CA and Issuing CA, you will need to import the certificates of all 3 of them into the keystore. You can also create a new keystore and import all certificates there, or, if you have a certificate package (PKCS#12, etc.), you can import only the package.

  In the first scenario we will use the existing keystore to import all of the certificates. In the second scenario we will create a new keystore and import the certificate package containing the private key and all certificates from the certificate chain.

Scenario 2:

  In the second scenario you have received a certificate package from your company's CA or a 3rd-party public CA, and you want to use this certificate to secure the communication to and from vCO/vRO. A reason why you would want a custom private key might be that your company has security policies which require higher-bit encryption or a particular cipher for all SSL communications.

  In this example we will be importing a PFX certificate package that contains the certificate's private key and the certificates of all CAs in the certificate chain. We will be creating a new keystore to use.

How to change the SSL certificate of Windows installed vCO | Spas Kaloferov's Blog

Best Regards,

Spas Kaloferov
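
The two scenarios expressed as keytool commands, as an added example that is not part of the original post. Every path and file name is a placeholder, the CA aliases (rootca, intermediateca, issuingca) and the JKS store type are assumptions, and only the alias dunes comes from the post.

```powershell
# Added example (not from the original post). Replace every <placeholder>.
$keytool     = '<vCO-install-dir>\<jre>\bin\keytool.exe'   # placeholder path
$keystore    = '<path-to-existing-vCO-keystore>'           # placeholder path
$newKeystore = '<path-to-new-keystore>'                    # placeholder path

# keytool is a native program, so check its exit code explicitly.
# No -storepass is passed: keytool prompts, which keeps the password
# out of the process command line and the shell history.
function Invoke-Keytool {
    & $keytool @args
    if ($LASTEXITCODE -ne 0) { throw "keytool failed: $($args -join ' ')" }
}

# --- Scenario 1: keep the existing private key (alias dunes) and keystore ---
Copy-Item $keystore "$keystore.bak"        # keep a copy to roll back to

# Generate the certificate request from the existing private key.
Invoke-Keytool -certreq -alias dunes -keystore $keystore -file vco.csr

# After the CA has signed vco.csr, import the whole chain, root first,
# so that the signed certificate can be chained to a trusted root.
Invoke-Keytool -importcert -trustcacerts -alias rootca `
    -file root-ca.cer -keystore $keystore
Invoke-Keytool -importcert -trustcacerts -alias intermediateca `
    -file intermediate-ca.cer -keystore $keystore
Invoke-Keytool -importcert -trustcacerts -alias issuingca `
    -file issuing-ca.cer -keystore $keystore

# Import the signed certificate under the SAME alias as the private key;
# keytool then treats it as the reply to the request generated above.
Invoke-Keytool -importcert -alias dunes -file vco-signed.cer -keystore $keystore

# Check: the entry must still be a PrivateKeyEntry, and for a 3-tier CA
# hierarchy "Certificate chain length" should read 4 (leaf + 3 CAs).
Invoke-Keytool -list -v -alias dunes -keystore $keystore

# --- Scenario 2: new keystore from a PFX (PKCS#12) package ---
# The PFX holds the private key: restrict its file permissions and
# remove it from the server once the import is verified.
Invoke-Keytool -importkeystore `
    -srckeystore vco.pfx -srcstoretype PKCS12 `
    -destkeystore $newKeystore -deststoretype JKS   # JKS is an assumption

# Check: lists the imported alias and its full certificate chain.
Invoke-Keytool -list -v -keystore $newKeystore
```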
