5.1
Server Certificate
The server certificate is a form of digital identification that is used to authenticate Web applications. Issued for
a particular server and containing information about the server's public key, the certificate allows you to sign
all elements created in Orchestrator and guarantee their authenticity. When the client receives an element from your
server (typically a package), the client verifies your identity and decides whether to trust your signature.
- Create a Self-Signed Server Certificate
  Installing or deploying Orchestrator requires that you create a certificate. You can create
  a self-signed certificate to guarantee encrypted communication and a signature for your packages.
  However, the recipient cannot be sure that the self-signed package that you are sending is in fact a
  package issued by your server and not a third party claiming to be you.
- Obtain a Server Certificate Signed by a Certificate Authority
  To provide recipients with an acceptable level of trust that the package was created by your server,
  certificates are typically signed by a certificate authority (CA). Certificate authorities guarantee that you
  are who you claim to be, and as a token of their verification, they sign your certificate with their own.
- Import a Server Certificate
  You can import a server certificate and use it with Orchestrator.
- Export a Server Certificate
  The server certificate private key is stored in the vmo_keystore table of the Orchestrator database. If
  you lose or delete this key, or if you bind the Orchestrator server to a different database, the contents of
  the exported packages signed with this certificate become unavailable. To ensure that packages are
  decrypted on import, you must save this key to a local file.
- Changing a Self-Signed Server Certificate
  If you want to sign your packages with a server certificate different from the one you used for the initial
  Orchestrator configuration, you must export all your packages and change the Orchestrator database.
Create a Self-Signed Server Certificate
Installing or deploying Orchestrator requires that you create a certificate. You can create a
self-signed certificate to guarantee encrypted communication and a signature for your packages. However,
the recipient cannot be sure that the self-signed package that you are sending is in fact a package issued by
your server and not a third party claiming to be you.
Procedure
1. Log in to the Orchestrator configuration interface as vmware.
2. Click Server Certificate.
3. Click Create certificate database and self-signed server certificate.
4. Type the relevant information.
5. From the drop-down menu, select a country.
6. Click Create.
Orchestrator generates a server certificate that is unique to your environment. The details about the certificate's
public key appear in the Server Certificate window. The certificate's private key is stored in the vmo_keystore
table of the Orchestrator database.
What to do next
For disaster recovery purposes, you can save the certificate private key to a local file.
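The limitation of a self-signed certificate noted above, and what a CA signature adds, can be seen with OpenSSL. This is an added example, not part of the VMware documentation or of Orchestrator's own tooling; the subject names, file names and demo CA are constructed placeholders.

```shell
#!/bin/sh
# Constructed demo: subject names, file names and the CA are placeholders.
set -eu
SUBJ="/C=US/O=Example Org/CN=orchestrator.example.test"

# Create a self-signed certificate $1.pem with private key $1.key.
self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "$SUBJ" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Create a demo CA (ca.pem), then issue a CA-signed certificate $1.pem.
ca_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=Example CA/CN=Example Root" -keyout ca.key -out ca.pem 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "$SUBJ" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 30 -out "$1.pem" 2>/dev/null
}

subject()     { openssl x509 -in "$1" -noout -subject; }
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256; }
# Succeeds only if the certificate chains to the CA the recipient trusts.
trusted()     { openssl verify -CAfile ca.pem "$1" >/dev/null 2>&1; }

cd "$(mktemp -d)"
self_signed yours        # the certificate your server created
self_signed lookalike    # a second self-signed certificate, same subject
ca_signed issued         # the same subject, signed by the demo CA

# The subject is only a claim: both self-signed certificates carry the same one.
subject yours.pem; subject lookalike.pem
# Only the fingerprint tells them apart, so recipients must get it out of band.
fingerprint yours.pem; fingerprint lookalike.pem
# With a CA, the recipient checks the chain instead of comparing fingerprints.
trusted issued.pem    && echo "issued.pem: chains to the trusted CA"
trusted lookalike.pem || echo "lookalike.pem: rejected, not issued by the CA"
```

If you keep a self-signed certificate, give package recipients its SHA-256 fingerprint through a separate trusted channel so they can compare it before accepting a signature.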
Chapter 5 Configuring the Orchestrator Server
VMware, Inc. 49