4.2.1
Table Of Contents
- Installing and Configuring VMware vCenter Orchestrator
- Contents
- Installing and Configuring VMware vCenter Orchestrator
- Updated Information
- Introduction to VMware vCenter Orchestrator
- Orchestrator System Requirements
- Orchestrator Components Setup
- Installing and Upgrading Orchestrator
- Download the vCenter Server Installer
- Install vCenter Server and Orchestrator
- Install Orchestrator Standalone
- Install the Orchestrator Client on a 32-Bit Machine
- Upgrade vCenter Server 4.1 and Orchestrator
- Upgrade Orchestrator 4.1.x Standalone
- Upgrading Orchestrator 4.0.x Running on a 64-Bit Machine
- Upgrading Orchestrator 4.0.x and Migrating the Configuration Data
- Uninstall Orchestrator
- Initial Configuration of the Orchestrator Server
- Start the Orchestrator Configuration Service
- Log In to the Orchestrator Configuration Interface
- Configure the Orchestrator Configuration Interface for Remote Connection
- Configure the Network Connection
- Orchestrator Network Ports
- Import the vCenter Server SSL Certificate
- Configuring LDAP Settings
- Configuring the Orchestrator Database Connection
- Server Certificate
- Configure the Default Plug-Ins
- Import the vCenter Server License
- Start the Orchestrator Server
- Further Configuration Options
- Revert to the Default Password for Orchestrator Configuration
- Change the Default Configuration Ports on the Orchestrator Client Side
- Uninstall a Plug-In
- Activate the Service Watchdog Utility
- Unwanted Server Restarts
- Export the Orchestrator Configuration
- Import the Orchestrator Configuration
- Configure the Maximum Number of Events and Runs
- Import the Plug-In Licenses
- Changing SSL Certificates
- Define the Server Log Level
- Filter the Orchestrator Log Files
- Enable Orchestrator for Remote Workflow Execution
- Where to Go From Here
- Index
4 Import the SSL certificate in your local keystore.
a Download a root certificate from the CA that signed your certificate.
b Import the root certificate in your keystore by running following command in the Java utility.
keytool -import -alias root -keystore <your_keystore_filename> \
-trustcacerts -file <filename_of_the_root_certificate>
c Import the SSL certificate signed by the CA (the SSL certificate must be in X509 format).
keytool -import -alias mySslCertificate -keystore <your_keystore_filename> \
-trustcacerts -file <your_certificate_filename>
The SSL certificate is installed. You can change the Web views SSL certificate or the SSL certificate for the
Orchestrator client.
Change the Web Views SSL Certificate
Orchestrator provides an SSL certificate that controls user access to Web views. You can configure Orchestrator
to use a different SSL certificate to control access to Web views, for example if your company security policy
requires you to use their SSL certificates.
Prerequisites
Make sure that you have installed an SSL certificate signed by a CA.
Procedure
1 Open the following Orchestrator application server configuration file in a text editor.
Option Action
If you installed the standalone
version of Orchestrator
Go to
install_directory
\VMware\Orchestrator\app-
server\server\vmo\deploy\jboss-deploy-tomcat\jbossweb-
tomcat55.sar\server.xml.
If the vCenter Server installed
Orchestrator
Go to
install_directory
\VMware\Infrastructure\Orchestrator\app-
server\server\vmo\deploy\jboss-deploy-tomcat\jbossweb-
tomcat55.sar\server.xml.
2 Find the following entry at line 44 in the server.xml file.
<!-- Define a SSL HTTP/1.1 Connector on port ${ch.dunes.https-server.port} -->
<Connector address="${jboss.bind.address}" protocol="HTTP/1.1" SSLEnabled="true"
clientAuth="false" emptySessionPath="true"
keystoreFile="${java.home}/lib/security/jssecacerts"
keystorePass="dunesdunes"
maxHttpHeaderSize="8192" maxThreads="100"
port="${ch.dunes.https-server.port}" scheme="https" secure="true"
sslProtocol="TLS" strategy="ms" />
3 Change the keystoreFile and keystorePass attributes to refer to the .keystore file and the password you
created when you ran the keytool utility.
keystoreFile="/PathToKeystore/.keystore"
keystorePass="NewKeystorePassword"
The keystorFile attribute should contain slashes as directory separators.
4 Save the server.xml file and restart the Orchestrator server.
You changed the SSL certificate that the Orchestrator server uses to control access to Web views.
Installing and Configuring VMware vCenter Orchestrator
68 VMware, Inc.