By default, the Orchestrator server uses the predefined SSL certificate while communicating remotely with the Orchestrator client. You can change the SSL certificate for the Orchestrator client, for example if your company security policy requires you to use its SSL certificates.

Make sure that you have installed an SSL certificate signed by a CA.


Open the following Orchestrator application server service file in a text editor.



If you installed the standalone version of Orchestrator

Go to install_directory\VMware\Orchestrator\app-server\server\vmo\conf\jboss-service.xml.

If the vCenter Server installed Orchestrator

Go to install_directory\VMware\Infrastructure\Orchestrator\app-server\server\vmo\conf\jboss-service.xml.


Find the following entry at line 359 in the jboss-service.xml file.

<!-- The SSL domain setup -->
  <mbean code="" name="Security:name=JaasSecurityDomain,domain=dunes">
      <arg type="java.lang.String" value="dunes"/>
    <attribute name="KeyStoreURL">${java.home}/lib/security/jssecacerts</attribute>
    <attribute name="KeyStorePass">dunesdunes</attribute>

Change the keystoreURL and keystorePass attributes to refer to the path to the .keystore file and the password you created when you ran the keytool utility.


The keystoreURL attribute is a URL and must contain slashes as directory separators.


Save the jboss-service.xml file and restart the Orchestrator server.

The Orchestrator client authenticates the Orchestrator server by using the SSL certificate you changed.