VMware Cloud Community
SpasKaloferov
VMware Employee
VMware Employee
‎12-23-2015 09:34 AM

BLOG POST: How to Change the SSL Certificate of a vRO Appliance (7.x)

Hi All,

In this post we will take a look into the SSL certificate replacement process for vRealize Orchestrator (vRO) 7.x appliance.

Generally there are two scenarios you might see related to the vRO SSL certificates.

Scenario 1:

In the first scenario you use the existing private key of the vRO self-signed certificate (with alias dunes) and the existing keystore. With this private key you generate a certificate request which than is being used by a Certificate Authority (CA) to generate the final certificate. You than import this certificate to the existing keystore together with the certificates of all the Root, Intermediate and Subordinate Certificate Authorities up to the root of the certificate chain. So for example if you have the usual 3-tier Root CA , Intermediate CA and Issuing CA hierarchy, you will need to import the certificates of all 3 of them into the keystore. You can also create a new keystore and import all certificates . if you have a certificate package (PKCS21, ect…) you can import it and it will import all the certificates from the chain.

In the first scenario we will use the existing keystore to import all of the certificates. In the second scenario we will create new keystore and import the certificate package containing the private key and all certificates form the certificate chain.

Scenario 2:

In the second scenario you have received a certificate package from your company’s CA or 3rd party public CA and you want to use this certificate to secure the communication to and from the vCO/vRO. A reason why you would want to have custom private key might be that you company has security policies which require higher bit encryption or particular cipher being used for all SSL communications.

In this example we will be importing a PFX certificate package that contains the certificate private key and also all of the certificates for all CA’s from the certificate chain. We will be creating new keystore to use.

How to Change the SSL Certificate of a vRO Appliance (7.x)

http://kaloferov.com/blog/how-to-change-the-ssl-certificate-of-a-vro-appliance-7-x/

Best Regards / Поздрави

Spas Kaloferov | Technical Solutions Architect

http://www.kaloferov.com/blog

0 Kudos
0 Replies