Generate a New Certificate

To change an SSL certificate, you can generate a new certificate. You can generate the new certificate on the same computer on which Orchestrator is installed or on another computer.

Prerequisites

To generate the new certificate, you must use the Java keytool utility. You can find the utility on the system on which Orchestrator is installed.

Procedure

Navigate to the keytool utility at the command prompt.

Option	Action
If you installed the standalone version of Orchestrator	Go to `install_directory`\VMware\Orchestrator\jre\bin\keytool.
If the vCenter Server installed Orchestrator	Go to `install_directory`\VMware\Infrastructure\Orchestrator\jre\bin\keytool.

Create a local certificate.

keytool -genkey -alias mySslCertificate -keyalg RSA -keystore <your_keystore_filename> \
    -keysize 2048 -sigalg SHA512withRSA

The keytool utility generates a file called <your_keystore_filename> by using the information and password that you provide when you run the command.

What to do next

You can create a signing request and submit the certificate to a Certificate Authority. You can then import the signed certificate into your local keystore.

You can also change the Web views SSL certificate, the SSL certificate for the Orchestrator configuration interface, or the SSL certificate for the Orchestrator client with the certificate you generated.