4.1
Table Of Contents
- vCenter Orchestrator Installation and Configuration Guide
- Contents
- Updated Information
- About This Book
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Orchestrator Components Setup Guidelines
- Installing and Upgrading Orchestrator
- Upgrading to Orchestrator 4.1 and Migrating the Orchestrator Data
- Uninstall Orchestrator
- Configuring Orchestrator
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Change the Default Password
- Revert to the Default Password for Orchestrator Configuration
- Configure the Network Connection
- Change the Default Configuration Ports on the Orchestrator Client Side
- Import the vCenter Server SSL Certificate
- Configuring LDAP Settings
- Password Encryption and Hashing Mechanism
- Configure the Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Access Rights to Orchestrator Server
- Import the vCenter Server License
- Start the Orchestrator Server
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Install an Application
- Import the Plug-In Licenses
- Change the Web View SSL Certificate
- Define the Server Log Level
- Where to Go From Here
- Index
4 Export a Server Certificate on page 49
The server certificate private key is stored in the vmo_keystore table of the Orchestrator database. In case
you lose or delete this key, or if you bind the Orchestrator server to a different database, the content of
the exported packages signed with this certificate will become unavailable. To ensure that packages are
decrypted on import, you must save this key to a local file.
5 Change a Self-Signed Server Certificate on page 50
If you want to sign your packages with a server certificate different from the one you used for the initial
Orchestrator configuration, you need to export all your packages and reinstall the Orchestrator server.
Import a Server Certificate
You can import a server certificate and use it with Orchestrator.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click Server Certificate.
3 Click Import certificate database.
4 Browse to select the certificate file to import.
5 Enter the password used to decrypt the content of the imported keystore database.
The details about the imported server certificate appear in the Server Certificate window.
Create a Self-Signed Server Certificate
Installing Orchestrator requires that you create a self-signed certificate. You can create a self-signed certificate
to guarantee encrypted communication and a signature for your packages. However, the recipient cannot be
sure that the self-signed package you are sending is in fact a package issued by your server and not a third
party claiming to be you.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click Server Certificate.
3 Click Create certificate database and self-signed server certificate.
4 Enter the relevant information.
5 From the drop-down menu, select a country.
6 Click Create.
Orchestrator generates a server certificate that is unique to your environment. The details about the certificate
public key appear in the Server Certificate window. The certificate private key is stored in the vmo_keystore
table of the Orchestrator database.
What to do next
For disaster recovery purposes, you can save the certificate private key to a local file.
vCenter Orchestrator Installation and Configuration Guide
48 VMware, Inc.