<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: vRO 8 - replace self-signed certificate in VMware Aria Automation Orchestrator Discussions</title>
    <link>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/2978968#M26368</link>
    <description>&lt;P&gt;You can now use LCM 8.12+ to manage certificates and updates for vRO (vra and standalone&lt;/P&gt;</description>
    <pubDate>Tue, 25 Jul 2023 08:52:31 GMT</pubDate>
    <dc:creator>Windspirit</dc:creator>
    <dc:date>2023-07-25T08:52:31Z</dc:date>
    <item>
      <title>vRO 8 - replace self-signed certificate</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/1851555#M16093</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hello guys, &lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Can someone explain how to replace vro 8 self-signed certificate?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;thank you.&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 20 Nov 2019 11:02:14 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/1851555#M16093</guid>
      <dc:creator>nef_user</dc:creator>
      <dc:date>2019-11-20T11:02:14Z</dc:date>
    </item>
    <item>
      <title>Re: vRO 8 - replace self-signed certificate</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/1851556#M16094</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;There are some sections about certificate management in official documentation - check &lt;A href="https://docs.vmware.com/en/vRealize-Orchestrator/8.0/com.vmware.vrealize.orchestrator-install-config.doc/GUID-617B93F2-34E6-402B-982D-59981B5ACBF6.html"&gt;https://docs.vmware.com/en/vRealize-Orchestrator/8.0/com.vmware.vrealize.orchestrator-install-config.doc/GUID-617B93F2-34E6-402B-982D-59981B5ACBF6.html&lt;/A&gt; and &lt;A href="https://docs.vmware.com/en/vRealize-Orchestrator/8.0/com.vmware.vrealize.orchestrator-install-config.doc/GUID-76C01645-DF12-4810-B2F4-788C05426629.html"&gt;https://docs.vmware.com/en/vRealize-Orchestrator/8.0/com.vmware.vrealize.orchestrator-install-config.doc/GUID-76C01645-DF12-4810-B2F4-788C05426629.html&lt;/A&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Wed, 20 Nov 2019 13:24:11 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/1851556#M16094</guid>
      <dc:creator>iiliev</dc:creator>
      <dc:date>2019-11-20T13:24:11Z</dc:date>
    </item>
    <item>
      <title>Re: vRO 8 - replace self-signed certificate</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/1851557#M16095</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;&lt;SPAN style="font-size: 10pt;"&gt;Hi,&lt;/SPAN&gt; &lt;SPAN style="font-family: proxima-nova, Arial, sans-serif; font-size: 10pt;"&gt;Ilian,&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-family: proxima-nova, Arial, sans-serif; font-size: 10pt;"&gt;I'had the same doubt. I read the documentation and I didn't find nothing specific about how to change the self signed certificate by a Certification Authority. Some doubts about this subject:&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-family: proxima-nova, Arial, sans-serif; font-size: 10pt;"&gt;1 - Where and how to generate the .csr file to send to a certification authority? (I should use openssl commands inside the vro appliance or this command should be executed inside a docker container?)&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-family: proxima-nova, Arial, sans-serif; font-size: 10pt;"&gt;2 - After the certification authority returns the certificate signed, how I input this certificate on my appliance? Is directly in the appliance or in docker container?&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-family: proxima-nova, Arial, sans-serif; font-size: 10pt;"&gt;3 - How turn this changes permanents? (Survive after the appliance reboot)?&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-family: proxima-nova, Arial, sans-serif; font-size: 10pt;"&gt;Thanks in advance &lt;img class="lia-deferred-image lia-image-emoji" src="https://communities.vmware.com/html/@BDE1C7A967AC45D8A4A4C2AFE83F7C64/emoticons/1f603.png" alt=":grinning_face_with_big_eyes:" title=":grinning_face_with_big_eyes:" /&gt;&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;&lt;SPAN style="font-family: proxima-nova, Arial, sans-serif; font-size: 10pt;"&gt;Diego Bejar&lt;/SPAN&gt;&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Thu, 21 Nov 2019 12:28:54 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/1851557#M16095</guid>
      <dc:creator>DiegoBejar</dc:creator>
      <dc:date>2019-11-21T12:28:54Z</dc:date>
    </item>
    <item>
      <title>Re: vRO 8 - replace self-signed certificate</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/1851558#M16096</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;I solved this by doing the following:&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;SSH into vro 8&lt;/LI&gt;&lt;LI&gt;run the following command&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; openssl req -nodes -newkey rsa:2048 -keyout vro8.mylab.local.key -out vro8.mylab.local.csr -subj "/C=AU/ST=Victoria/L=Melbourne/O=vleet apac/OU=testing/CN=vro8.mylab.local";&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;That creates two files. one CSR and a Key&lt;/LI&gt;&lt;LI&gt;use the CSR to get a signed cert&lt;/LI&gt;&lt;LI&gt;upload the signed cert with the intermediate and root&amp;nbsp; certs (ORDER: Host, intermediate, root)&lt;/LI&gt;&lt;LI&gt;attach the key to the top of the file (Order: Private:host,intermediate,root) -&amp;gt; /root/cert.pem&lt;/LI&gt;&lt;LI&gt;then run:&lt;BR /&gt;&lt;SPAN class=""&gt;&lt;SPAN class=""&gt;vracli certificate ingress --set /root/cert.pem&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/LI&gt;&lt;LI&gt;this showed an error about the sha254 but thats fine. just redrun the command&lt;BR /&gt;&lt;SPAN class=""&gt;&lt;SPAN class=""&gt;vracli certificate ingress --set /root/cert.pem --sha256 [the sha key from the error message]&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/LI&gt;&lt;LI&gt;&lt;SPAN class=""&gt;&lt;SPAN class=""&gt;wait till this finised&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/LI&gt;&lt;LI&gt;&lt;SPAN class=""&gt;&lt;SPAN class=""&gt;the cd /opt/script&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/LI&gt;&lt;LI&gt;&lt;SPAN class=""&gt;&lt;SPAN class=""&gt;and run ./deploy.sh&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/LI&gt;&lt;LI&gt;&lt;SPAN class=""&gt;&lt;SPAN class=""&gt;This will take a while but work.&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/LI&gt;&lt;LI&gt;&lt;SPAN class=""&gt;&lt;SPAN class=""&gt;Reload your browser&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;P&gt;&lt;SPAN class=""&gt;&lt;SPAN class=""&gt;ENJOY!&lt;/SPAN&gt;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Tue, 25 Jul 2023 07:46:31 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/1851558#M16096</guid>
      <dc:creator>Windspirit</dc:creator>
      <dc:date>2023-07-25T07:46:31Z</dc:date>
    </item>
    <item>
      <title>Re: vRO 8 - replace self-signed certificate</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/2833020#M25104</link>
      <description>&lt;P&gt;Hey,&lt;/P&gt;&lt;P&gt;I am also searching for the possibility to change the certificates, but it does not want to work.&lt;/P&gt;&lt;P&gt;I did what&amp;nbsp;&lt;a href="https://communities.vmware.com/t5/user/viewprofilepage/user-id/162194"&gt;@Windspirit&lt;/a&gt;&amp;nbsp;described but receive the following error:&lt;/P&gt;&lt;P&gt;"vracli certificate ingress --set /root/cert.pem&lt;BR /&gt;Invalid encryption or hash algorithm:&lt;BR /&gt;Expected one of: ['sha224WithRSAEncryption', 'sha256WithRSAEncryption', 'sha384W ithRSAEncryption', 'sha512WithRSAEncryption']"&lt;/P&gt;&lt;P&gt;I also tried the other way to create the csr by creating a .cfg-file with all parameters which is then combined with the encrypted .key-file to finally create the csr. The .cfg-file looked like this:&lt;/P&gt;&lt;P&gt;"[ req ]&lt;BR /&gt;default_md = sha512&lt;BR /&gt;default_bits = 2048&lt;BR /&gt;default_keyfile = rui.key&lt;BR /&gt;distinguished_name = req_distinguished_name&lt;BR /&gt;encrypt_key = no&lt;BR /&gt;prompt = no&lt;BR /&gt;string_mask = nombstr&lt;BR /&gt;req_extensions = v3_req&lt;BR /&gt;&lt;BR /&gt;[ v3_req ]&lt;BR /&gt;basicConstraints = CA:FALSE&lt;BR /&gt;keyUsage = digitalSignature, keyEncipherment, dataEncipherment&lt;BR /&gt;extendedKeyUsage = serverAuth, clientAuth&lt;BR /&gt;subjectAltName = DNS: XX, DNS: XX, DNS: XX&lt;BR /&gt;&lt;BR /&gt;[ req_distinguished_name ]&lt;BR /&gt;countryName = XX&lt;BR /&gt;stateOrProvinceName = XX&lt;BR /&gt;localityName = XX&lt;BR /&gt;0.organizationName = XX&lt;BR /&gt;organizationalUnitName = XX&lt;BR /&gt;commonName = XX"&lt;/P&gt;&lt;P&gt;In both ways I receive the same error as shown above.&lt;/P&gt;&lt;P&gt;Which command do I have to enter to go on/ignore the error as described? And why does the error concerning the encryption is even mentioned since at least in the cfg-file it is mentioned explicitly that sha512 should be used which seems to be asked for concerning the error message?&lt;/P&gt;&lt;P&gt;Unfortunately there are not a lot of detailed articles from VMware for the certificate issue.&lt;/P&gt;&lt;P&gt;Thanks in advance for your support.&lt;/P&gt;&lt;P&gt;Greetings&lt;/P&gt;&lt;P&gt;Michael&lt;/P&gt;</description>
      <pubDate>Mon, 01 Mar 2021 12:45:43 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/2833020#M25104</guid>
      <dc:creator>oos</dc:creator>
      <dc:date>2021-03-01T12:45:43Z</dc:date>
    </item>
    <item>
      <title>Re: vRO 8 - replace self-signed certificate</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/2921158#M25872</link>
      <description>&lt;P&gt;The error said you haven't used the right encryption...check that&lt;/P&gt;&lt;P&gt;Did you get ur cert signed?&lt;/P&gt;&lt;P&gt;Did you put all the certs in the right order?&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;&lt;SPAN&gt;Host cert (the one you got signed)&lt;/SPAN&gt;&lt;/LI&gt;&lt;LI&gt;&lt;SPAN&gt;any intermediate certs&lt;/SPAN&gt;&lt;/LI&gt;&lt;LI&gt;&lt;SPAN&gt;root cert (of your domain that signed the cert)&lt;/SPAN&gt;&lt;/LI&gt;&lt;LI&gt;&lt;SPAN&gt;Private Key (I think it needs to go to the end of the PEM file...may have that wrong in the description&lt;/SPAN&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;&lt;SPAN&gt;&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 28 Jul 2022 17:34:29 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/2921158#M25872</guid>
      <dc:creator>Windspirit</dc:creator>
      <dc:date>2022-07-28T17:34:29Z</dc:date>
    </item>
    <item>
      <title>Re: vRO 8 - replace self-signed certificate</title>
      <link>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/2978968#M26368</link>
      <description>&lt;P&gt;You can now use LCM 8.12+ to manage certificates and updates for vRO (vra and standalone&lt;/P&gt;</description>
      <pubDate>Tue, 25 Jul 2023 08:52:31 GMT</pubDate>
      <guid>https://communities.vmware.com/t5/VMware-Aria-Automation/vRO-8-replace-self-signed-certificate/m-p/2978968#M26368</guid>
      <dc:creator>Windspirit</dc:creator>
      <dc:date>2023-07-25T08:52:31Z</dc:date>
    </item>
  </channel>
</rss>

