Creating a certificate for vRO is a good idea, and it is even easier if you are using the VMCA (VMware Certificate Authority) that is part of the PSC (Platform Services Controller).
The cool thing is that if you have used your own enterprise CA to make the VMCA a Subordinate Certificate Authority (kb.vmware.com/kb/2111219) then your CA trusts your VMCA and VMCA trusts vRO.
If you don't have a CA, you can export the VMCA root cert and import it into the trusted root certificates on your computer, which automatically makes the certs for vCenter and all ESXi server URLs trusted. (See VMware Certificate Authority overview and using VMCA Root Certificates in a browser.)
1. Open an SSH connection to your PSC (or to vCenter if your PSC is installed with the vCenter)
2. Create a config file /tmp/vro.conf with content similar to this:
Country = DE
Name = vro
Organization = vLeet GmbH
OrgUnit = Consulting
State = Bayern
Locality = Munich
IPAddress = 192.168.220.12
Email = daniel.langenhan@vleet.de
Hostname = vro.mylab.local
3. Run the following commands to generate a cert using the VMCA:
cd /usr/lib/vmware-vmca/bin/
./certool --genkey --privkey=/tmp/vro.prikey --pubkey=/tmp/vro.pubkey
./certool --gencert --privkey=/tmp/vro.prikey --cert=/tmp/vro.cert --config /tmp/vro.conf
4. Download the vmca root certificate
wget https://127.0.0.1/certs/download --no-check-certificate -O /tmp/vmca.zip
5. Build the .pem file
cd /tmp
unzip vmca.zip
awk 1 vro.prikey vro.cert certs/6bc2e122.0 >vro.pem
6. Use SCP to download the .pem file to your local computer
7. Open the Orchestrator Control Center, click on Certificates and select Orchestrator Server SSL Certificate
8. Click on Import and select the .pem file to import.
9. Click on Import again and then reboot the appliance.
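A sanity check for the bundle from step 5, to run before the import in step 8. This is an added example, not part of the original post; the function names are this example's own, and key_matches_cert assumes the openssl command is available on the machine where you run it.

```shell
#!/bin/sh
# Added example: checks for the .pem bundle built in step 5.
# Expected order, per step 5: private key, server certificate, VMCA root certificate.

# Print the order of PEM blocks in a file, e.g. "KEY CERT CERT".
pem_layout() {
    awk '
        /^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----$/ { out = out sep "KEY";  sep = " " }
        /^-----BEGIN CERTIFICATE-----$/           { out = out sep "CERT"; sep = " " }
        END { print out }
    ' "$1"
}

# Succeed (exit 0) if an END marker runs straight into a BEGIN marker on one line.
# That happens when files without a trailing newline are joined with cat;
# "awk 1" in step 5 re-terminates every line and so avoids it.
has_fused_markers() {
    awk '/-----END [A-Z ]+----------BEGIN / { bad = 1 } END { exit !bad }' "$1"
}

# Succeed if the first private key in $1 and the first certificate in $2
# carry the same public key. Both arguments may be the bundle itself.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Structural check of a bundle: 0 = ok, 1 = wrong block order, 2 = fused markers.
check_bundle() {
    if has_fused_markers "$1"; then
        echo "fused PEM markers: an input file lacked a trailing newline" >&2
        return 2
    fi
    layout=$(pem_layout "$1")
    if [ "$layout" != "KEY CERT CERT" ]; then
        echo "unexpected block order: ${layout:-none}" >&2
        return 1
    fi
    return 0
}
```

After sourcing the functions, run check_bundle /tmp/vro.pem and key_matches_cert /tmp/vro.pem /tmp/vro.pem. The bundle contains the private key, so remove /tmp/vro.prikey and /tmp/vro.pem from the PSC once the import has succeeded.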
This is just ONE of the new updates in the upcoming vRealize Orchestrator Cookbook 2nd Edition. Check my website (Langenhan.info) for more information.