Orchestrator provides an SSL certificate that controls user access to Web views. You can configure Orchestrator to use a different SSL certificate to control access to Web views, for example if your company security policy requires you to use their SSL certificates.

Make sure that you have installed an SSL certificate signed by a CA.

1

Open the following Orchestrator application server configuration file in a text editor.

Option

Action

If you installed the standalone version of Orchestrator

Go to install_directory\VMware\Orchestrator\app-server\server\vmo\deploy\jboss-deploy-tomcat\jbossweb-tomcat55.sar\server.xml.

If the vCenter Server installed Orchestrator

Go to install_directory\VMware\Infrastructure\Orchestrator\app-server\server\vmo\deploy\jboss-deploy-tomcat\jbossweb-tomcat55.sar\server.xml.

2

Find the following entry at line 44 in the server.xml file.

<!-- Define a SSL HTTP/1.1 Connector on port ${ch.dunes.https-server.port} -->
<Connector address="${jboss.bind.address}" protocol="HTTP/1.1" SSLEnabled="true" clientAuth="false" emptySessionPath="true"
keystoreFile="${java.home}/lib/security/jssecacerts"
keystorePass="dunesdunes"
maxHttpHeaderSize="8192" maxThreads="100"
port="${ch.dunes.https-server.port}" scheme="https" secure="true"
sslProtocol="TLS" strategy="ms" />
3

Change the keystoreFile and keystorePass attributes to refer to the .keystore file and the password you created when you ran the keytool utility.

keystoreFile="/PathToKeystore/.keystore"
keystorePass="NewKeystorePassword"

The keystorFile attribute should contain slashes as directory separators.

4

Save the server.xml file and restart the Orchestrator server.

You changed the SSL certificate that the Orchestrator server uses to control access to Web views.