To provide recipients with an acceptable level of trust that the package was created by your server, certificates are typically signed by a certificate authority (CA). Certificate authorities guarantee that you are who you claim to be, and as a token of their verification, they sign your certificate with their own.


Log in to the Orchestrator configuration interface as vmware.


Click Server Certificate.


Generate a Certificate Signing Request (CSR).


Click Export certificate signing request.


Save the VSOcertificate.csr file in your file system when prompted.


Send the CSR file to a Certificate Authority, such as VeriSign or Thawte.

Procedures might vary from one CA to another, but they all require a valid proof of your identity.

The CA returns a certificate that you must import.


Click Import certificate signing request signed by CA and select the file sent by your CA.

Orchestrator uses the server certificate to perform the following tasks:

Signs all packages before they are exported by attaching your certificate’s public key to each one.

Displays a user prompt after users import a package that contains elements signed by untrusted certificates.

You can import this certificate on other servers.