4.1
Table Of Contents
- vCenter Orchestrator Installation and Configuration Guide
- Contents
- Updated Information
- About This Book
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Orchestrator Components Setup Guidelines
- Installing and Upgrading Orchestrator
- Upgrading to Orchestrator 4.1 and Migrating the Orchestrator Data
- Uninstall Orchestrator
- Configuring Orchestrator
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Change the Default Password
- Revert to the Default Password for Orchestrator Configuration
- Configure the Network Connection
- Change the Default Configuration Ports on the Orchestrator Client Side
- Import the vCenter Server SSL Certificate
- Configuring LDAP Settings
- Password Encryption and Hashing Mechanism
- Configure the Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Access Rights to Orchestrator Server
- Import the vCenter Server License
- Start the Orchestrator Server
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Install an Application
- Import the Plug-In Licenses
- Change the Web View SSL Certificate
- Define the Server Log Level
- Where to Go From Here
- Index
Obtain a Server Certificate Signed by a Certificate Authority
To provide recipients with an acceptable level of trust that the package was created by your server, certificates
are typically signed by a Certificate Authority (CA). Certificate Authorities guarantee that you are who you
claim to be, and as a token of their verification, they sign your certificate with their own.
Prerequisites
Create a self-signed server certificate or import an existing server certificate.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click Server Certificate.
3 Generate a Certificate Signing Request (CSR).
a Click Export certificate signing request.
b Save the VSOcertificate.csr file in your file system when prompted.
4 Send the CSR file to a Certificate Authority, such as Verisign or Thawte.
Procedures might vary from one CA to another, but they all require a valid proof of your identity.
CA returns a Certificate Signing Request that you must import. This is an exact copy of your actual
certificate and the CA signature.
5 Click Import certificate signing request signed by GA and select the file sent by your CA.
Orchestrator uses the server certificate to
n
Sign all packages before they are exported by attaching your certificate’s public key to each one.
n
Display a user prompt on importing a package that contains elements signed by untrusted certificates.
What to do next
You can import this certificate on other servers.
Export a Server Certificate
The server certificate private key is stored in the vmo_keystore table of the Orchestrator database. In case you
lose or delete this key, or if you bind the Orchestrator server to a different database, the content of the exported
packages signed with this certificate will become unavailable. To ensure that packages are decrypted on import,
you must save this key to a local file.
Prerequisites
You must have created or imported a server certificate.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click Server Certificate.
3 Click Export certificate database.
4 Enter a password to encrypt the content of the exported keystore database.
You must enter this password again when importing the file.
5 Click Export.
Chapter 7 Configuring Orchestrator
VMware, Inc. 49