This is the fourth in a series of posts covering the replacement of vRealize Automation SSL Certificates. In this post, we will tackle steps required to update the embedded vRealize Orchestrator certificate following the replacement of the vRealize Automation Appliance certificate.
This post is based on the VMware procedure and this is documented within the VMware Documentation Site here.
According to the VMware, the reason for completing this additional step is that if you replace or update vRealize Automation certificates without completing this procedure, the vRealize Orchestrator Control Center may become inaccessible, and errors may appear in the vco-server and vco-configurator log files.
This procedure resets tenant and group authentication back to the default settings. If you have customized your authentication configuration, note your changes so that you can re-configure authentication after completing the procedure.
The following are expected prerequisites for this walkthrough:
- A fully deployed and working vRealize Automation solution.
- The Root CA Certificate and any Subordinate/Intermediate CA Certificates are installed within the appropriate Certificate store on the local machine (normally the Trusted Root Certification Authorities and the Intermediate Certification Authority respectively).
- You have noted the authentication settings configured in vRO so they can be put back again.
Updating the embedded vRealize Orchestrator Certificate
Note: As we are upgrading the embedded vRO, all of these commands will be completed on the vRealize Automation Appliance.
Open an SSH session to the vRealize Automation appliance, vra.fqdn using your tool of choice (i tend to use PuTTY).
Log into the session using the root user and the password specified for the root account during the deployment.
service vco-server stop and press enter.
service vco-configurator stop and press enter.
Note: at the time of writing this post, the VMware doc incorrectly says to type
/var/lib/vco/tools/configuration-cli/bin/vro-configure.sh reset-authentication and press enter.
rm /etc/vco/app-server/vco-registration-id and press enter.
vcac-vami vco-service-reconfigure and press enter.
Note: the VMware documentation says you now need to start the vco-server service, but as you can see from the above screenshot, that is automatically restarted. If you want to double check, type
service vco-server start and you should get a messgae to say its already started!
If you want to access the vRO Control Panel, type
service vco-configurator start and press enter.
If you previously had changed the authentication settings from default, you can now re-configure them again! Yay!
Note: At this point I experienced a certificate issue with Google Chrome which meant I couldn’t access the vRO Control Panel. If you are in desparate need to re-configure the authentication settings right now, I found Mozilla FireFox capable of bypassing the issue. However, do not worry, the Google Chrome issue should be resolved after the next post!
In the next post, we will look at Replacing the vRealize Automation 7.3 Appliance VAMI Certificate.