If you want to sign your packages with a server certificate different from the one you used for the initial Orchestrator configuration, you must export all your packages and change the Orchestrator database.

This workflow describes the process to change the self-signed certificate.

1

Export all your packages by using the Orchestrator client.

a

Click the Packages view in the Orchestrator client.

b

Right-click the package to export and select Export package.

c

Browse to select a location to save the package to and click Open.

d

Leave the View content, Re-Packageable, and Edit element options selected.

Caution

Do not sign the package with your current certificate. You must not encrypt the package. When you delete the certificate database, the private key is lost and the contents of the exported package become unavailable.

e

(Optional) Deselect the Export version history check box if you do not want to export the version history.

f

Click Save.

2

Create a new database and configure Orchestrator to work with it.

For more information about setting up the Orchestrator database, see Configure the Database Connection.

3

(Optional) Export the Orchestrator configuration to back up your configuration data in case you want to use the old database and the old SSL certificate.

You can export the Orchestrator configuration by using the Orchestrator configuration interface. For more information, see Export the Orchestrator Configuration.

4

(Optional) Back up your database if you want to retain the old data.

The database that you bind Orchestrator to must not contain records in the vmo_keystore table.

5

Create a new self-signed certificate or import a server certificate signed by a certification authority.

You can create and import self-signed certificates by using the Orchestrator configuration interface. For more information, see Server Certificate.

6

Configure your license settings.

You can configure the license settings from the Orchestrator configuration interface. For more information, see Import the vCenter Server License.

7

Reinstall the default Orchestrator plug-ins.

a

On the Orchestrator configuration interface, click the Troubleshooting tab.

b

Click the Reset current version link.

8

Restart the Orchestrator server.

a

On the Orchestrator configuration interface, click the Startup options.

b

Click the Restart service link.

9

Reimport your packages.

a

Click the Packages view in the Orchestrator client.

b

From the drop-down menu, select Import package.

c

Browse to select the package to import and click Open.

d

Click Import or Import and trust provider.

e

Click Import checked elements.

The server certificate change is effective at the next package export.