7.4
Table Of Contents
- Managing vRealize Automation
- Contents
- Managing vRealize Automation
- Maintaining and Customizing vRealize Automation Components and Options
- Broadcast a Message on the Message Board Portlet
- Starting Up and Shutting Down vRealize Automation
- Updating vRealize Automation Certificates
- Extracting Certificates and Private Keys
- Replace Certificates in the vRealize Automation Appliance
- Replace the Infrastructure as a Service Certificate
- Replace the IaaS Manager Service Certificate
- Update Embedded vRealize Orchestrator to Trust vRealize Automation Certificates
- Update External vRealize Orchestrator to Trust vRealize Automation Certificates
- Updating the vRealize Automation Appliance Management Site Certificate
- Replace a Management Agent Certificate
- Change the Polling Method for Certificates
- Managing the vRealize Automation Postgres Appliance Database
- Backup and Recovery for vRealize Automation Installations
- The Customer Experience Improvement Program
- Adjusting System Settings
- Monitoring vRealize Automation
- Monitoring vRealize Automation Health
- Monitoring and Managing Resources
- Monitoring Containers
- Bulk Import, Update, or Migrate Virtual Machines
See the vRealize Orchestrator documentation for information about updating and replacing
vRealize Orchestrator certificates.
If you replace or update vRealize Automation certificates without completing this procedure, the
vRealize Orchestrator Control Center may be inaccessible, and errors may appear in the vco-server and
vco-configurator log files.
Problems with updating certificates can also occur if vRealize Orchestrator is configured to authenticate
against a different tenant and group than vRealize Automation. See
https://kb.vmware.com/selfservice/microsites/search.do?
language=en_US&cmd=displayKC&externalId=2147612.
Procedure
1 Stop the vRealize Orchestrator server and Control Center services.
service vco-server stop
service vco-configurator stop
2 Reset the vRealize Orchestrator authentication provider by running the following command.
/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh reset-authentication
ls -l /etc/vco/app-server/
mv /etc/vco/app-server/vco-registration-id /etc/vco/app-server/vco-registration-id.old
vcac-vami vco-service-reconfigure
3 Check the trusted certificate for the vRealize Orchestrator trust store using the command line
interface utility located at /var/lib/vco/tools/configuration-cli/bin with the following
command:
/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh list-trust
n
Check for the certificate with the following alias: vco.cafe.component-registry.ssl.certificate. This
should be the vRealize Automation certificate that the vRealize Orchestrator instance uses as an
authentication provider.
n
This certificate must match the newly configured vRealize Automation certificate. If it does not
match, it can be changed as follows
1 Copy your vRealize Automation signed appliance certificate PEM file to the /tmp folder on
the appliance.
2 Run the following command adding the appropriate certificate path:
./vro-configure.sh trust --registry-certificate path-to-the-certificate-file-in-PEM-format
See the following example command:
/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh trust --registry-
certificate /tmp/certs/vra.pem
Managing vRealize Automation
VMware, Inc. 20