Replace vRO self Signed Certificate with new Self Signed Certificate

You might end up in a situation where you wanted to change the vRO self signed certificate and while doing so it got into a corrupt state.  In such case you can simply regenerate the self signed certificate and get your vRO server  up again and then proceed with CA signed certificate.

Stop  vRO Server Service
Following Procedure outlines the process for vRO 6 Virtual Appliance

Delete existing Certificate

 keytool -delete -alias dunes -keystore "/etc/vco/app-server/security/jssecacerts" -storepass "dunesdunes"

Generate a new certificate for the “dunes” key (10 year cert shown in sample line below – adjust validity in days as desired)

keytool -genkey -alias dunes -keypass "dunesdunes" -keystore "/etc/vco/app-server/security/jssecacerts" -storepass "dunesdunes" -validity 3650

When prompted for your first and last name, enter the FQDN of your vCO server. This is very important as it will tie the certificate to the server!

What is your first and last name?
 [Unknown]: vro.domain.local

For each of the remaining prompts (Organizational Unit, Organization, City, State, Country Code), simply enter the appropriate values for your organizaiton

After specifying the information above, you will be prompted for confirmation… Type “yes” and hit <ENTER>

When prompted for the password for <dunes> hit <ENTER> to use the same as the keystore password.

Go back to your vCenter Orchestrator Configuration and Start the vCenter Orchestrator Server service via the “Startup Options” tab.

Note: Though this procedure if applicable for vRO 6. It can also be used with vRO 7.  Exception is that, in vRO7 password for the keystore is different than vRO6 (dunesdunes). In vRO7 the password is generated randomly at the first boot.




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s