6.4

Certificate Pairing
Before broker agents can communicate with the vRealize Operations for Published Applications adapter, the
adapter certificate must be shared with the agents, and the broker agent certificate must be shared with the
adapter. The process of sharing these certificates is referred to as certificate pairing.
The following actions occur during the certificate pairing process:
1 The broker agent's certificate is encrypted with the adapter's server key.
2 A connection is opened to the certificate management server and the encrypted certificate is passed to
the adapter instance. The adapter decrypts the broker agent's certificate by using the server key. If
decryption fails, an error is returned to the broker agent.
3 The broker agent's certificate is placed in the adapter's trust store.
4 The adapter's certificate is encrypted with the adapter's server key.
5 The encrypted certificate is returned to the broker agent. The broker agent decrypts the adapter's
certificate by using the server key. If decryption fails, an error is returned to the user.
6 The adapter's certificate is placed in the broker agent's trust store.
7 The adapter's certificate is sent to all XD-XA hosts via Group Policy.
After the certicates are successfully paired, they are cached in the trust stores for each individual
component. The broker certicate and the trust store are sent to all session hosts. The adapter certicate is
stored in the trust store and the broker certicate is stored in the v4pa-brokeragent.jks. If you provision a
new XD-XA server, the adapter's certicate is sent to the server by using the Group Policy, and you do not
need to pair the certicates again. However, if either the adapter or broker agent certicate changes, you
must pair the certicates again.
You use the vRealize Operations for Published Applications Broker Agent Seings wizard to pair
certicates.
VMware, Inc.