The server certificate is a form of digital identification that is used to authenticate Web applications. Issued for a particular server and containing information about the server’s public key, the certificate allows you to sign all elements created in Orchestrator and guarantee authenticity. When the client receives an element from your server, typically this is a package, the client verifies your identity and decides whether to trust your signature.

Installing Orchestrator or deploying the Orchestrator requires that you create a certificate. You can create a self-signed certificate to guarantee encrypted communication and a signature for your packages. However, the recipient cannot be sure that the self-signed package that you are sending is in fact a package issued by your server and not a third party claiming to be you.

To provide recipients with an acceptable level of trust that the package was created by your server, certificates are typically signed by a certificate authority (CA). Certificate authorities guarantee that you are who you claim to be, and as a token of their verification, they sign your certificate with their own.

You can import a server certificate and use it with Orchestrator.

The server certificate private key is stored in the vmo_keystore table of the Orchestrator database. In case you lose or delete this key, or if you bind the Orchestrator server to a different database, the contents of the exported packages signed with this certificate become unavailable. To ensure that packages are decrypted on import, you must save this key to a local file.

If you want to sign your packages with a server certificate different from the one you used for the initial Orchestrator configuration, you must export all your packages and change the Orchestrator database.