To change an SSL certificate, you can generate a new keystore file. You can generate the new keystore in the Orchestrator Appliance machine.

To generate the new certificate, you must use the Java keytool utility. You can find the utility in the system Orchestrator Appliance virtual machine.

1

Log in to the appliance Linux console as root and navigate to the keytool utility.

The default location is:

/opt/vmo/jre/bin/keytool

2

Create a local certificate.

keytool -genkey -alias mySslCertificate -keyalg RSA -keystore <your_keystore_filename> \
    -keysize 2048 -sigalg SHA512withRSA

The keytool utility generates a file called <your_keystore_filename> by using the information and password that you provide when you run the command.

You can create a signing request and submit the certificate to a Certificate Authority. You can then import the signed certificate into your local keystore.

You can also change the Web views SSL certificate, the SSL certificate for the Orchestrator configuration interface, or the SSL certificate for the Orchestrator client with the certificate you generated.