How to replace the vRealize Orchestrator appliance certificate

After a lot of struggling in the past I finally found a dummy proof way to replace the vRealize Orchestrator (vRO) appliance certificate that works every time. The official documentation for replacing the certificate of the vRO appliance with a CA signed certificate is not so clear, so I hope this helps a bit.


Lets get started!

To create the certificate request first download OpenSSL for Windows and install it in the default location : C:\OpenSSL-Win64

After OpenSSL is installed create the certificate configuration file : C:\OpenSSL-Win64\Certs\rui.cfg and add the following information. Change the marked values starting and ending with % to your own specification.

Next we need to create the PFX file that we are going to import in vRO.
Read More

vRealize Orchestrator ERR_SSL_WEAK_EPHEMERAL_DH_KEY error

Yesterday while validating a vRealize Orchestrator (vRO) deployment on a PSO engagement with my colleague Matthew Bunce (link), we got this weird error when we tried to open the configuration page of a vRO appliance :

vRealize Orchestrator

So what has changed? Why didn’t we got this error before?
Ah of course Chrome has been updated (version 45)! And not only does this issue appear on Chrome but the problem seems to occur on the updated Firefox (version 40).

Fix the vRealize Orchestrator ERR_SSL_WEAK_EPHEMERAL_DH_KEY error

After some Google magic I came across a VMware KB (link) which pointed me in the right direction.

Open an SSH connection to the vRO appliance, and edit the file /etc/vco/app-server/server.xml
Search for the line :

And replace it with :

And do the same in the file /var/lib/vco/configuration/conf/server.xml

And finally reboot the appliance (just to be sure…)

vRealize Orchestrator

Enjoy! 🙂


John Milner (link) pointed out to me in his comment below, that if you are using the Windows installation, you can follow the same procedure as above but then for the file : %INSTALL_PATH%\VMware\Orchestrator\app-server\conf\server.xml

Thanks John!

How to manually update the vRealize Business reference database

On several of my last vRealize projects, I’ve had the challenge (one of many 😉 ) of getting direct access from the vRealize Business (vRB) to the internet to retrieve the latest vRB reference database from the VMware servers. There is a manual way to do this, but this involves opening a SR, sending them the though vRB created file and waiting for VMware support to reply with the updated file. It works but it takes some time and effort also from VMware support.

But now VMware came up with an improved way to update the vRealize Business reference database :

vRealize Business


Update vRealize Business reference database process

Open the vRealize Automation (vRA) portal and log in to the portal with credentials that has “Business Management Administrator” rights. Then open Business Administration -> Business Management -> Update Reference Database.
Read More