I’ll start out with an easy one…
So I ran into a snag changing the SSL certificates on the vOrchestrator appliance. Our internal CA does not support the encryption that the appliance uses to generate the certificate when you use the web interface.
It turns out that VMware has some nice documentation on how to do this, but if you just want the quick and dirty steps on how to update the certificate for the client and for the web views, here you go:
Connect to the appliance using SSH.
Generate the keystore:
/opt/vmo/jre/bin/keytool -genkey -alias mySslCertificate -keyalg RSA -keystore vorchestrator.key -keysize 2048 -sigalg SHA512withRSA
Give it a simple password; you will be putting this password in clear text in some config files…
Generate the certificate request:
/opt/vmo/jre/bin/keytool -certreq -alias mySslCertificate -file vorchestrator.csr -keystore vorchestrator.key
vorchestrator.yourdomain.local
Your department
Your company
Your city
Your state
Your country
Get the certificate signed by your CA and scp the certificate, as well as the ones for the CAs in the chain, to the appliance. I put the files in /opt.
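Import the root certificate:
/opt/vmo/jre/bin/keytool -import -alias root -keystore vorchestrator.key -trustcacerts -file root.cer
Import any intermediate signing entities, giving each one its own alias (without -alias, keytool uses the default alias mykey for every import and rejects the second one):
/opt/vmo/jre/bin/keytool -import -alias intermediate -keystore vorchestrator.key -trustcacerts -file ipsec.cer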
Import the server certificate:
/opt/vmo/jre/bin/keytool -import -alias mySslCertificate -keystore vorchestrator.key -trustcacerts -file vorchestrator.cer
Edit the Orchestrator Client web services config file:
vi /opt/vmo/app-server/server/vmo/conf/jboss-service.xml
Find the keystore lines in the config file and change to this:
<attribute name="KeyStoreURL">/opt/vorchestrator.key</attribute>
<attribute name="KeyStorePass">your keystore password</attribute>
Edit the Web Views config file:
vi /opt/vmo/app-server/server/vmo/deploy/jboss-deploy-tomcat/jbossweb-tomcat55.sar/server.xml
Find the keystore lines in the config file and change to this:
keystoreFile="/opt/vorchestrator.key"
keystorePass="secret"
Reboot the appliance and enjoy your new signed environment.
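A check worth running once the steps above are done, written here as an added example (not part of the original post or VMware's documentation): it confirms both config files point at the same keystore and flags any of the three files that is world-readable, since the keystore password sits in them in clear text. The function names are made up for this example, and treating world-readable as a finding is this example's assumption.

```sh
#!/bin/sh
# Added example, not from the original post. Defaults are the two config
# files edited in the steps above; function names are made up here.
CLIENT_CONF=/opt/vmo/app-server/server/vmo/conf/jboss-service.xml
WEB_CONF=/opt/vmo/app-server/server/vmo/deploy/jboss-deploy-tomcat/jbossweb-tomcat55.sar/server.xml

# Keystore path set for the Orchestrator Client (KeyStoreURL attribute).
client_keystore() {
    sed -n 's:.*<attribute name="KeyStoreURL">\([^<]*\)</attribute>.*:\1:p' "$1" 2>/dev/null | head -n 1
}

# Keystore path set for the Web Views (keystoreFile="...").
web_keystore() {
    sed -n 's/.*keystoreFile="\([^"]*\)".*/\1/p' "$1" 2>/dev/null | head -n 1
}

# True when the file mode grants read access to "other" (bit 004).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Prints one finding per line; returns 0 only when there are none.
audit_keystore_config() {
    client_conf=${1:-$CLIENT_CONF}; web_conf=${2:-$WEB_CONF}; findings=0
    ks_client=$(client_keystore "$client_conf")
    ks_web=$(web_keystore "$web_conf")
    if [ -z "$ks_client" ] || [ -z "$ks_web" ]; then
        # Also fires when typographic quotes were pasted into a config file.
        echo "UNPARSED: keystore setting not found in both config files"
        findings=$((findings + 1))
    elif [ "$ks_client" != "$ks_web" ]; then
        echo "MISMATCH: client=$ks_client webviews=$ks_web"
        findings=$((findings + 1))
    fi
    if [ "$ks_web" = "$ks_client" ]; then ks_web=""; fi   # check it once
    # The keystore password is in clear text in both configs, so neither
    # they nor the keystore should be readable by every local user.
    for f in "$client_conf" "$web_conf" "$ks_client" "$ks_web"; do
        [ -n "$f" ] || continue
        if [ ! -f "$f" ]; then echo "NOFILE: $f"
        elif world_readable "$f"; then echo "WORLD-READABLE: $f"
        else continue
        fi
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# On the appliance: audit_keystore_config && echo "keystore wiring OK"
```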