1.2.0
Table Of Contents
- Lifecycle Manager Installation and Configuration Guide
- Contents
- About This Book
- Introducing LCM
- Installing and Configuring Orchestrator
- Orchestrator Components Setup Guidelines
- Install Orchestrator
- Configuring Orchestrator
- Check Configuration Readiness
- Log In to the Orchestrator Configuration Interface
- Change the Default Password
- Revert to the Default Password for Orchestrator Configuration
- Configure the Network Connection
- Change the Default Configuration Ports on the Orchestrator Client Side
- Import the vCenter SSL Certificate
- Configuring LDAP Settings
- Password Encryption and Hashing Mechanism
- Configure the Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Import the vCenter Server License
- Start the Orchestrator Server
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Change the Web View SSL Certificate
- Define the Server Log Level
- Maintenance and Recovery
- Controlling Orchestrator Access
- Installing and Configuring LCM
- Installing LCM
- Configuring LCM
- Check Configuration Readiness
- Initial Configuration of Lifecycle Manager
- Configure the LCM Web View
- Set Approval Requirements
- Configure Archiving Settings
- Change Authorization Groups
- Change the Naming Convention for Virtual Machines
- Enable Email Notifications
- Configure Email Notification Content
- Configure Currency and Date Formats
- Upgrading Orchestrator and LCM
- Uninstall LCM and Orchestrator
- Index
Create a Self-Signed Server Certificate
Installing Orchestrator requires that you create a self-signed certificate. You can create a self-signed certificate
to guarantee encrypted communication and a signature for your packages. However, the recipient cannot be
sure that the self-signed package you are sending is in fact a package issued by your server and not a third
party claiming to be you.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click Server Certificate.
3 Click Create certificate database and self-signed server certificate.
4 Enter the relevant information.
5 From the drop-down menu, select a country.
6 Click Create.
Orchestrator generates a server certificate that is unique to your environment. The details about the certificate
public key appear in the Server Certificate window. The certificate private key is stored in the vmo_keystore
table of the Orchestrator database.
What to do next
For disaster recovery purposes, you can save the certificate private key to a local file.
Obtain a Server Certificate Signed by a Certificate Authority
To provide recipients with an acceptable level of trust that the package was created by your server, certificates
are typically signed by a Certificate Authority (CA). Certificate Authorities guarantee that you are who you
claim to be, and as a token of their verification, they sign your certificate with their own.
Prerequisites
Create a self-signed server certificate or import an existing server certificate.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click Server Certificate.
3 Generate a Certificate Signing Request (CSR).
a Click Export certificate signing request.
b Save the VSOcertificate.csr file in your file system when prompted.
4 Send the CSR file to a Certificate Authority, such as Verisign or Thawte.
Procedures might vary from one CA to another, but they all require a valid proof of your identity.
CA returns a Certificate Signing Request that you must import. This is an exact copy of your actual
certificate and the CA signature.
5 Click Import certificate signing request signed by GA and select the file sent by your CA.
Orchestrator uses the server certificate to
n
Sign all packages before they are exported by attaching your certificate’s public key to each one.
n
Display a user prompt on importing a package that contains elements signed by untrusted certificates.
Lifecycle Manager Installation and Configuration Guide
42 VMware, Inc.