By default, the Orchestrator server uses the predefined SSL certificate to communicate remotely with the Orchestrator client. You can change the SSL certificate for the Orchestrator client, for example if your company security policy requires you to use its SSL certificates.

Make sure that you have generated or installed an SSL certificate signed by a CA.

1

Open the following Orchestrator application server service file in a text editor.

The default location is:

/opt/vmo/app-server/server/vmo/conf/jboss-service.xml

2

Find the following entry in the jboss-service.xml file.

<!-- The SSL domain setup -->
  <mbean code="org.jboss.security.plugins.JaasSecurityDomain" name="Security:name=JaasSecurityDomain,domain=dunes">
    <constructor>
      <arg type="java.lang.String" value="dunes"/>
    </constructor>
    <attribute name="KeyStoreURL">${java.home}/lib/security/jssecacerts</attribute>
    <attribute name="KeyStorePass">dunesdunes</attribute>
  </mbean>
3

Change the keystoreURL and keystorePass attributes to refer to the path to the <your_keystore_filename> file and the password you created when you ran the keytool utility.

keystoreURL="/PathToKeystore/<your_keystore_filename>"
keystorePass="NewKeystorePassword"

The keystoreURL attribute is a URL and must contain slashes as directory separators.

4

Save the jboss-service.xml file and restart the Orchestrator server.

The Orchestrator client authenticates the Orchestrator server by using the SSL certificate you changed.