I posted this originally in a different thread and decided to create a new one for it since it was only tangentially related to where I posted before. I'm using the vRA appliance, and as near as I can tell the default keystore doesn't include any generally accepted root CA certificates. I'm using Google apps as our outbound email server, and since the root cert they used isn't in the keystore I'm forced to allow self-signed certificates. This is a lab server so I'm only a little bothered by that, but let's say I want to send an email via an Orchestrator flow--the ootb send notification flow doesn't provide any option for trusting all roots and just refuses to do anything at all. I crossed my fingers and did vcac-config import-certificate, but there was no noticeable effect after restarting. I even tried importing cacerts from my workstation's Java install, but I haven't been able to guess the keystore password. The system admin and hardening guides only talk about replacing certificates for the various vRA components, and I'm frankly at a loss for what to try next. The integrated vRO installation also maintains a keystore (which also lacks any root certs), but the config tool for Orchestrator at least allows you to import certs, even if only one at a time. Is there a similar tool for vRA itself, or is the default keystore password in some KB article I haven't been able to locate yet?
↧