After a lot of struggling in the past, I finally found a dummy-proof way to replace the vRealize Orchestrator (vRO) appliance certificate that works every time. The official documentation for replacing the certificate of the vRO appliance with a CA-signed certificate is not so clear, so I hope this helps a bit.
Let's get started!
To create the certificate request, first download OpenSSL for Windows and install it in the default location: C:\OpenSSL-Win64
After OpenSSL is installed, create the certificate configuration file C:\OpenSSL-Win64\Certs\rui.cfg and add the following information. Replace every value that starts and ends with % with your own details.
[ req ]
default_bits = 2048
default_keyfile = rui.key
distinguished_name = req_distinguished_name
encrypt_key = no
prompt = no
string_mask = nombstr
req_extensions = v3_req
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = IP:%IP%, DNS:%FQDN%, DNS:%HOSTNAME%
[ req_distinguished_name ]
countryName = %countryName%
stateOrProvinceName = %stateOrProvinceName%
localityName = %localityName%
0.organizationName = %organizationName%
organizationalUnitName = %organizationalUnitName%
commonName = %commonname%
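Before handing rui.cfg to OpenSSL, it is worth checking that no %placeholder% was left behind and that the subjectAltName list is well formed. The following is an added example, not part of the original post: the function names, the sample values (192.0.2.10, vro01.example.com) and the rule that commonName should also appear as a DNS subjectAltName are assumptions made for illustration.

```python
import re

# Constructed sample: rui.cfg after a hasty edit (example values, not from the post).
SAMPLE_CFG = """\
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ v3_req ]
subjectAltName = IP:192.0.2.10, DNS:vro01.example.com, DNS:vro01,
[ req_distinguished_name ]
countryName = NL
organizationalUnitName = %organizationalUnitName%
commonName = vro.example.com
"""

def parse_cfg(text):
    """Parse the flat '[ section ]' / 'key = value' layout used by rui.cfg."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections

def lint_cfg(text):
    """Return problems that would produce a rejected or mismatched certificate."""
    cfg, problems, dns_names = parse_cfg(text), [], set()
    for sec, items in cfg.items():
        for key, value in items.items():
            if re.search(r"%[^%\s]+%", value):
                problems.append(f"{sec}.{key}: placeholder not replaced")
    san = cfg.get("v3_req", {}).get("subjectAltName")
    for entry in (e.strip() for e in (san or "").split(",")):
        kind, _, val = entry.partition(":")
        if not entry:
            problems.append("subjectAltName: missing or empty entry")
        elif kind == "DNS":
            dns_names.add(val.lower())
        elif kind != "IP":
            problems.append(f"subjectAltName: bad entry {entry!r}")
    cn = cfg.get("req_distinguished_name", {}).get("commonName", "")
    if cn.lower() not in dns_names:
        problems.append(f"commonName {cn!r} is not among the DNS subjectAltNames")
    return problems
```

To check the real file, pass its contents to `lint_cfg`; an empty list means none of these three problems was found.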
Next we need to create the PFX file that we are going to import in vRO.