How to replace the vRealize Orchestrator appliance certificate

After a lot of struggling in the past I finally found a dummy proof way to replace the vRealize Orchestrator (vRO) appliance certificate that works every time. The official documentation for replacing the certificate of the vRO appliance with a CA signed certificate is not so clear, so I hope this helps a bit.


Lets get started!

To create the certificate request first download OpenSSL for Windows and install it in the default location : C:\OpenSSL-Win64

After OpenSSL is installed create the certificate configuration file : C:\OpenSSL-Win64\Certs\rui.cfg and add the following information. Change the marked values starting and ending with % to your own specification.

Next we need to create the PFX file that we are going to import in vRO.
Read More

vRealize Orchestrator ERR_SSL_WEAK_EPHEMERAL_DH_KEY error

Yesterday while validating a vRealize Orchestrator (vRO) deployment on a PSO engagement with my colleague Matthew Bunce (link), we got this weird error when we tried to open the configuration page of a vRO appliance :

vRealize Orchestrator

So what has changed? Why didn’t we got this error before?
Ah of course Chrome has been updated (version 45)! And not only does this issue appear on Chrome but the problem seems to occur on the updated Firefox (version 40).

Fix the vRealize Orchestrator ERR_SSL_WEAK_EPHEMERAL_DH_KEY error

After some Google magic I came across a VMware KB (link) which pointed me in the right direction.

Open an SSH connection to the vRO appliance, and edit the file /etc/vco/app-server/server.xml
Search for the line :

And replace it with :

And do the same in the file /var/lib/vco/configuration/conf/server.xml

And finally reboot the appliance (just to be sure…)

vRealize Orchestrator

Enjoy! 🙂


John Milner (link) pointed out to me in his comment below, that if you are using the Windows installation, you can follow the same procedure as above but then for the file : %INSTALL_PATH%\VMware\Orchestrator\app-server\conf\server.xml

Thanks John!

EMC Avamar Plugin for vRealize Automation

For a vRealize project that I’m currently working on one of the requirements is that the provisioned VM is added to EMC Avamar Data Protection. Normally we do this by creating REST API calls to the Avamar server, which works OK but can’t we do it simpler than that? And now we can!
Introducing the EMC Avamar Plugin for vRealize Automation.


This post will describe how to install the EMC Avamar Plugin for vRealize Automation and add day two operations to the through vRA provisioned VMs.


  • vRealize Automation (vRA) 6.x installed
  • vRealize Orchestrator (vRO) 5.5.x / 6.x installed and configured in vRA
  • vRealize Automation IaaS must be configured to use vRO workflows for customizations (link)
  • EMC Avamar 7.1.x configured and the VMware vCenter client configured
  • EMC Avamar Plugin for vRealize Automation Plugin
  • Read More

    How to add a PowerShell host to vRO

    When you add a PowerShell host to vRealize Orchestrator (vRO) you are able to kick-off PowerShell scripts from your vRO workflows or just from the vSphere WebClient! Which can make your day to day work so much easier. So here is a short post about how you can add a PowerShell host to vRO.



  • vRealize Orchestrator
  • vRO PowerShell Plug-in v1.0.6.2442318 (link)
  • Windows 2008 R2+ with PowerShell 2.0+
    In the past I had some issues with the vRO v1.0.5 Plug-in and the default realm so please check which vRO PowerShell Plug-in you are using!

    For a Stand-alone PowerShell host :

    Then logon to your PowerShell host and configure Windows Remote Management.

    Open an elevated command prompt and run the following commands :

    Now the PowerShell host has been configured the PowerShell host can be added to vRO.
    Read More

    Required Firewall Ports for vRealize

    In this post I’ll describe the required firewall ports for vRealize Automation (vRA), vRealize Business (vRB) and vRealize Orchestrator (vRO) with some additional components like IPAM.
    Required Firewall Ports for vRealize
    The past few months I have been working on designing and implementing a couple of firewalled distributed VMware vRealize solutions. And every time I had the same challenges, not really well documented ports. For example, if you try to install a vRealize Automation IaaS component you need to have port 5480 open from the IaaS server to the vRealize Automation Appliance. This is not mentioned in the official vRA Port Requirements under “Outgoing Ports for Infrastructure as a Service Components”, so this was always a struggle to get this past the security guys why this port needed to be opened because it isn’t in the official documentation.

    Therefore I have created the Visio drawing above with all different components and the required firewall ports for vRA, vRB and vRO that can be used as a reference point. Read More