4.2

Table 5-5. Database Connection Parameters (Continued)

| Connection Parameter | Description |
|---|---|
| Domain (SQL Server only) | To use Windows authentication, specify the domain name of the SQL Server machine, for example company.org. To use SQL authentication, leave this text box blank. |
| Use Windows authentication mode (NTLMv2) | Select to send NTLMv2 responses when using Windows authentication. This option is valid only for SQL Server. |

Server Certificate
The server certificate is a form of digital identification that is used with HTTPS to authenticate Web
applications. Issued for a particular server and containing information about the server’s public key, the
certificate allows you to sign all elements created in Orchestrator and guarantee authenticity. When the client
receives an element from your server (typically this is a package), they verify your identity and decide whether
to trust your signature.
- Create a Self-Signed Server Certificate on page 51
  Installing Orchestrator or deploying the Orchestrator requires that you create a certificate. You can create
  a self-signed certificate to guarantee encrypted communication and a signature for your packages.
  However, the recipient cannot be sure that the self-signed package that you are sending is in fact a
  package issued by your server and not a third party claiming to be you.
- Obtain a Server Certificate Signed by a Certificate Authority on page 52
  To provide recipients with an acceptable level of trust that the package was created by your server,
  certificates are typically signed by a certificate authority (CA). Certificate authorities guarantee that you
  are who you claim to be, and as a token of their verification, they sign your certificate with their own.
- Import a Server Certificate on page 52
  You can import a server certificate and use it with Orchestrator.
- Export a Server Certificate on page 53
  The server certificate private key is stored in the vmo_keystore table of the Orchestrator database. In case
  you lose or delete this key, or if you bind the Orchestrator server to a different database, the contents of
  the exported packages signed with this certificate become unavailable. To ensure that packages are
  decrypted on import, you must save this key to a local file.
- Changing a Self-Signed Server Certificate on page 53
  If you want to sign your packages with a server certificate different from the one you used for the initial
  Orchestrator configuration, you must export all your packages and change the Orchestrator database.
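
The difference between the self-signed and CA-signed options above, seen from the recipient's side, as an added example that is not part of the original guide and not VMware code. It uses the generic openssl command line rather than Orchestrator itself, and every name and file in it (orchestrator.example.test, Demo Root CA, the temporary directory) is constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. Every name and file here is constructed for the demo;
# nothing is taken from an Orchestrator installation.
WORK=$(mktemp -d)
CN="orchestrator.example.test"        # hypothetical server name

# Self-signed: the certificate is signed with its own private key.
make_self_signed() {                  # $1 = file basename, $2 = common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# CA-signed: the demo CA (ca.key) signs a request for the server's name.
make_ca_signed() {                    # $1 = file basename, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -out "$WORK/$1.crt" 2>/dev/null
}

# Recipient's check: does certificate $2 chain to the trust anchor $1?
trusted_by() { openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1; }

subject_of()     { openssl x509 -in "$WORK/$1.crt" -noout -subject; }
fingerprint_of() { openssl x509 -in "$WORK/$1.crt" -noout -fingerprint -sha256; }

make_self_signed ca        "Demo Root CA"   # root the recipient already trusts
make_self_signed server    "$CN"            # your self-signed certificate
make_self_signed lookalike "$CN"            # someone else's: same name, other key
make_ca_signed   signed    "$CN"            # your certificate, signed by the CA

report() {                            # $1 = trust anchor, $2 = certificate
  if trusted_by "$1" "$2"; then r="accepted"; else r="rejected"; fi
  printf '%-10s checked against %-7s -> %s\n' "$2" "$1" "$r"
}
report ca server         # a self-signed certificate chains to no CA
report ca lookalike      # same result, and the same subject name as "server"
report ca signed         # the CA vouches for the name
report server server     # works only if this exact certificate was pinned
report server lookalike  # same subject, different key
```

The two self-signed certificates carry the same subject and differ only in key and fingerprint, so a recipient can tell them apart only by obtaining the genuine certificate through a separate trusted channel or by relying on a CA signature.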
Create a Self-Signed Server Certificate
Installing Orchestrator or deploying the Orchestrator requires that you create a certificate. You can create a
self-signed certificate to guarantee encrypted communication and a signature for your packages. However,
the recipient cannot be sure that the self-signed package that you are sending is in fact a package issued by
your server and not a third party claiming to be you.
Procedure
1 Log in to the Orchestrator configuration interface as vmware.
2 Click Server Certificate.
3 Click Create certificate database and self-signed server certificate.
4 Type the relevant information.
Chapter 5 Initial Configuration of the Orchestrator Server
VMware, Inc. 51