Importing Digitally Signed Packages to a Different Destination vRO (vRealize Orchestrator) Server
In the previous chapter, we changed the PSC certificate on a vRO server to match our company requirements. The certificate will be used to digitally sign packages we export from vRO.
If you import digitally signed workflow packages only to their original vRO, no further steps are required.
If you import digitally signed workflow packages to a different vRO, additional configuration steps are required on the destination vRO.
If you try to import a digitally signed workflow package from vRO ServerA to vRO ServerB, you will receive an error message similar to the following:
Signature length not correct: got 256 but was expecting 512.
So, let’s look at what needs to be done on vRO ServerB to successfully import digitally signed workflow packages.
First, you need to export the entire keystore containing the PSC certificate from vRO ServerA.
To do this, navigate to vRO Control Center, Certificates, and select Package Signing Certificate.
Click Export, type a password, and export the keystore to a file.
On vRO ServerB, import the keystore containing the PSC certificate from vRO ServerA. To do this, navigate to vRO Control Center, Certificates, and select Package Signing Certificate.
Click Import > Import from JavaKeyStore file.
Restart the Orchestrator server for the changes to take effect!
Now both servers possess the same PSC, including the private key needed to encrypt and decrypt digitally signed workflow packages.
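A way to confirm the result of the steps above before importing packages, as an added example that is not part of the original post: it compares the SHA256 fingerprint of the private-key entry in `keytool -list -v` listings taken from the keystore on each server. It assumes the exported file opens with the JDK's `keytool`; the file names and the `KS_PASS` variable are assumptions.

```shell
#!/bin/sh
# Added example. Inputs are text listings produced beforehand on each server, e.g.:
#   keytool -list -v -keystore serverA-psc.jks -storepass:env KS_PASS > serverA.txt
# (serverA-psc.jks, serverA.txt and KS_PASS are assumed names, not vRO defaults).

# Print "<entry type> <leaf SHA256>" for every alias in a keytool listing on stdin.
ks_summary() {
  awk '
    /^Alias name:/     { seen = 0 }          # new entry: reset leaf marker
    /^Entry type:/     { type = $3 }
    /SHA256:/ && !seen { print type, $NF; seen = 1 }  # first cert in chain = leaf
  '
}

# Print the fingerprint of the first entry that carries a private key.
# Exit status 1 means the file holds certificates only and cannot sign.
signing_fp() {
  ks_summary | awk '$1 == "PrivateKeyEntry" { print $2; found = 1; exit }
                    END { exit !found }'
}

# same_signing_key A.txt B.txt
# 0 = same signing certificate, 1 = different, 2 = a listing has no private key.
same_signing_key() {
  a=$(signing_fp < "$1") || { echo "no PrivateKeyEntry in $1" >&2; return 2; }
  b=$(signing_fp < "$2") || { echo "no PrivateKeyEntry in $2" >&2; return 2; }
  [ "$a" = "$b" ]
}

# Constructed sample listing (made-up values) for trying the functions offline.
sample_listing() {  # $1 = entry type, $2 = SHA256 fingerprint
  cat <<EOF
Alias name: example-alias
Entry type: $1
Certificate fingerprints:
     SHA1: 00:11:22
     SHA256: $2
Signature algorithm name: SHA256withRSA
EOF
}
```

The listings contain only public certificate data; the exported keystore file itself holds the private key and should be stored and transferred accordingly.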
Backing Up Your PSC Certificate and Private Key
In case of vRO failure, you will need the following files to successfully import a digitally signed package to a different destination appliance:
- The vRO Package Signing Certificate keystore file
- The Package Signing Certificate (optional but recommended)
vRO Architecture Considerations When Digitally Signing Packages
To learn more about the effects of digitally signing your workflow packages, visit vRO Architecture Considerations When Digitally Signing Packages.
I hope this post was valuable in helping you learn how to change the Package Signing Certificate in a vRealize Orchestrator appliance. Stay tuned for my next post!