You might end up in a situation where you wanted to change the vRO self signed certificate and while doing so it got into a corrupt state. In such case you can simply regenerate the self signed certificate and get your vRO server up again and then proceed with CA signed certificate.
Stop vRO Server Service
Following Procedure outlines the process for vRO 6 Virtual Appliance
Delete existing Certificate
keytool -delete -alias dunes -keystore "/etc/vco/app-server/security/jssecacerts" -storepass "dunesdunes"
Generate a new certificate for the “dunes” key (10 year cert shown in sample line below – adjust validity in days as desired)
keytool -genkey -alias dunes -keypass "dunesdunes" -keystore "/etc/vco/app-server/security/jssecacerts" -storepass "dunesdunes" -validity 3650
When prompted for your first and last name, enter the FQDN of your vCO server. This is very important as it will tie the certificate to the server!
What is your first and last name? [Unknown]: vro.domain.local
For each of the remaining prompts (Organizational Unit, Organization, City, State, Country Code), simply enter the appropriate values for your organizaiton
After specifying the information above, you will be prompted for confirmation… Type “yes” and hit <ENTER>
When prompted for the password for <dunes> hit <ENTER> to use the same as the keystore password.
Go back to your vCenter Orchestrator Configuration and Start the vCenter Orchestrator Server service via the “Startup Options” tab.
Note: Though this procedure if applicable for vRO 6. It can also be used with vRO 7. Exception is that, in vRO7 password for the keystore is different than vRO6 (dunesdunes). In vRO7 the password is generated randomly at the first boot.