Import a Certificate to the Orchestrator Trust Store using PEM-encoded file

vRealize Orchestrator server must be able to verify their identity, to communicate with other servers (vCenter Server, relational database management system (RDBMS), LDAP, Single Sign-On, and other servers) securely. For this purpose, you might need to import the SSL certificate of the remote entity to the Orchestrator trust store.

To trust a certificate, you can import it to the trust store either by establishing a connection to a specific URL, or directly as a PEM-encoded file.

Import from URL or
proxy URL
The URL of the remote server:
https://your_server_IP_address or your_server_IP_address:port
Import from filePath to the PEM-encoded certificate file.

In this post, we will focus on how to import a certificate using PEM-encoded file. For URL based import, simply use the Library Workflows.

Step 1: Generate PEM file


Find the fully qualified domain name of the server to which you want Orchestrator to connect over SSL.


  • Log in to the Orchestrator Appliance over SSH as root.
  • Run a command to retrieve the certificate of the remote server.
openssl s_client -connect host_or_dns_name:secure_port
  1. a If you use a nonencrypted port, use starttls and the required protocol with the openssl command.
openssl s_client -connect host_or_dns_name:port -starttls smtp
  • Copy the text from the -----BEGIN CERTIFICATE----- to the -----END CERTIFICATE----- tag to a text editor and save it as a file in your local system.

Step 2: Import a PEM-encoded file

We can use either of the following ways for this purpose.

  • Control Center
  • vRO Library Workflow

via Control Center

  • Log in to Control Center as root.
  • Go to the Certificates page.
  • On the Trusted Certificates tab, click Import and select the Import from a PEM-encoded file option.
  • Browse to the certificate file and click Import.

via vRO Workflow

  • Log in to vRO Portal.
  • Go to Workflows under Library > Configuration > SSL Trust Manager.
  • Run workflow Import a trusted certificate from a file
  • Browse to the certificate file and click Run.
  • The workflow should be successfully completed.


You have successfully imported a remote server certificate to the Orchestrator trust store. You can check an entry for the corresponding server in the Control Center Certificates Tab or try running the workflow related to the server for which the certificate was imported. You won’t see this error anymore.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s