Install a Manually Generated Certificate on vSphere Data Protection in Region B

Replace the default VMware-signed certificate on vSphere Data Protection in Region B with the certificate that is signed by the Microsoft CA on the dc01lax.lax01.rainpole.local AD server.

Before you begin

Generate a certificate for vSphere Data Protection on the dc01lax.lax01.rainpole.local AD server. See Generate CA-Signed Certificates for the SDDC Management Components in Region B.

Procedure

  1. On the Windows host that has access to the data center, copy the vdp.p7b certificate file to the /root folder on the vSphere Data Protection virtual appliance.

    You can use scp, FileZilla or WinSCP.

  2. Log in to the vSphere Data Protection appliance.

    1. Open an SSH connection to the virtual machine mgmt01vdp51.lax01.rainpole.local.
    2. Log in using the following credentials.

       |Setting|Value|
       |:------|:----|
       |User name|root|
       |Password|vdp_root_password|
  3. Verify that the vSphere Data Protection services are stopped.

    ```
    emwebapp.sh --test
    ```

    If the services are running, stop them by running the following command.

    ```
    emwebapp.sh --stop
    ```
    
  4. Import the certificate.

    1. Run the following console command.

      ```
      /usr/java/latest/bin/keytool -import -alias tomcat -keystore /root/.keystore -file /root/vdp.p7b
      ```

    2. When prompted for the keystore password, enter changeit.

    3. When prompted to trust the certificate, enter yes and press Enter.
  5. Verify that the certificate is installed successfully.

    1. Run the following command.

      ```
      /usr/java/latest/bin/keytool -list -v -keystore /root/.keystore -storepass changeit -keypass changeit | grep tomcat
      ```

    2. Verify that the output contains Alias name: tomcat.

  6. Run the addFingerprint.sh script to update the vSphere Data Protection server thumbprint displayed in the VM console welcome screen.

    ```
    /usr/local/avamar/bin/addFingerprint.sh
    ```

    This script does not return any output.

  7. Start the vSphere Data Protection services.

    ```
    emwebapp.sh --start
    ```
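
Step 5 confirms only that an alias named tomcat exists, not which certificate it holds. The following script is an added example, not part of the VMware procedure: it checks that the tomcat entry is a PrivateKeyEntry and that its leaf certificate has the expected subject and issuer. The CA common name EXAMPLE-CA, the function names and the sample `keytool -list -v` output are constructed placeholders.

```shell
#!/bin/sh
# Added example (not VMware's code): stricter keystore check than `grep tomcat`.
# Constructed sample of `keytool -list -v` output; CA name and DN parts are placeholders.
sample_keytool_output() {
cat <<'EOF'
Alias name: tomcat
Creation date: Jan 1, 2017
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=mgmt01vdp51.lax01.rainpole.local, OU=Example, O=Example
Issuer: CN=EXAMPLE-CA, DC=example, DC=local
Certificate[2]:
Owner: CN=EXAMPLE-CA, DC=example, DC=local
Issuer: CN=EXAMPLE-CA, DC=example, DC=local
EOF
}

# Read keytool output on stdin; print "entry type|leaf owner|leaf issuer" for alias $1.
leaf_fields() {
  awk -v want="$1" '
    /^Alias name: /  { in_alias = ($0 == "Alias name: " want); leaf = 0 }
    !in_alias        { next }
    /^Entry type: /  { type = substr($0, 13) }
    /^Certificate\[/ { leaf = ($0 == "Certificate[1]:") }
    leaf && /^Owner: /  { owner = substr($0, 8) }
    leaf && /^Issuer: / { issuer = substr($0, 9) }
    END { print type "|" owner "|" issuer }'
}

# $1 = expected subject CN, $2 = expected issuer CN; returns 0 only if all checks pass.
verify_tomcat_entry() {
  fields=$(leaf_fields tomcat)
  type=${fields%%|*}; rest=${fields#*|}
  owner=${rest%%|*}; issuer=${rest#*|}
  [ "$type" = "PrivateKeyEntry" ] || { echo "FAIL: entry type is '$type'"; return 1; }
  case "$owner" in "CN=$1"|"CN=$1,"*) ;; *) echo "FAIL: subject is '$owner'"; return 1 ;; esac
  case "$issuer" in "CN=$2"|"CN=$2,"*) ;; *) echo "FAIL: issuer is '$issuer'"; return 1 ;; esac
  echo "OK: $owner issued by $issuer"
}

# On the appliance, pipe the step 5 command (without grep) into the check instead:
#   /usr/java/latest/bin/keytool -list -v -keystore /root/.keystore -storepass changeit | verify_tomcat_entry <host_fqdn> <ca_common_name>
sample_keytool_output | verify_tomcat_entry mgmt01vdp51.lax01.rainpole.local EXAMPLE-CA
```

A `trustedCertEntry` result means the certificate was stored without a private key under that alias, so the web service cannot present it for TLS.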

Parent topic: Replace the Certificate of vSphere Data Protection in Region B

Related tasks

Install a CertGenVVD-Generated Certificate on vSphere Data Protection in Region B
