If you want to sign your packages with a server certificate different from the one you used for the initial Orchestrator configuration, you must export all your packages and change the Orchestrator database.
This workflow describes the process to change the Orchestrator self-signed certificate.
1 |
Export all your packages by using the Orchestrator client. | ||||||||||||
2 |
Create a new database and configure Orchestrator to work with it. You configure the Orchestrator database connection by using the Orchestrator configuration interface. For more information about setting up the Orchestrator database, see Configure the Database Connection. | ||||||||||||
3 |
(Optional) Export the Orchestrator configuration to back up your configuration data in case you want to use the old database and the old SSL certificate. You can export the Orchestrator configuration by using the Orchestrator configuration interface. For more information, see Export the Orchestrator Configuration. | ||||||||||||
4 |
(Optional) Back up your database if you want to retain the old data. The database that you bind Orchestrator to must not contain records in the vmo_keystore table. | ||||||||||||
5 |
Create a new self-signed certificate or import a server certificate signed by a certification authority. You can create and import self-signed certificates by using the Orchestrator configuration interface. For more information, see Server Certificate. | ||||||||||||
6 |
Configure your license settings. You can configure the license settings from the Orchestrator configuration interface. For more information, see Import the vCenter Server License. | ||||||||||||
7 |
Reinstall the default Orchestrator plug-ins.
| ||||||||||||
8 |
Restart the Orchestrator server.
| ||||||||||||
9 |
|
The server certificate change is effective at the next package export.