How to update SDDC Manager when a VxRail Manager certificate has been replaced

Article ID: 316938

Products

VMware Cloud Foundation

Issue/Introduction

In VMware Cloud Foundation for VxRail, when the VxRail Manager certificate is replaced with a third-party CA certificate by following the Dell/EMC SoLVE procedure, the SDDC Manager trust store must be updated with the new certificate details.

Environment

VMware Cloud Foundation 3.7.x

Resolution

The following steps can be used to update the SDDC Manager trust store with the new VxRail Manager certificate.

Note: Take a snapshot of the SDDC Manager VM prior to starting this process.
  1. Use a file transfer utility to copy the new VxRail Manager certificate file to the /tmp directory on the SDDC Manager VM.
  2. SSH to the SDDC Manager VM as the vcf user and then issue the su - command to switch to the root user.
  3. Obtain the trusted certificates key by issuing the following command:
cat /etc/vmware/vcf/commonsvcs/trusted_certificates.key

Note: You will see output similar to the following:

q_0EZjUI7Z^B7V@2A+
  4. Issue a command similar to the following to import the new VxRail Manager certificate into the SDDC Manager trust store:
keytool -importcert -alias <aliasname> -file <certificate file> -keystore /etc/vmware/vcf/commonsvcs/trusted_certificates.store -storepass <trust store key>
 
Notes:
  • Type yes when prompted to trust the certificate
  • Enter something meaningful, like vxrailmanager for the <aliasname> value.
  • Replace <certificate file> with the full path to the certificate file that was uploaded in Step 1
  • Replace <trust store key> with the trusted certificates key value returned in Step 3
  5. Issue a command similar to the following to import the new VxRail Manager certificate into the Java trust store:
keytool -importcert -alias <aliasname> -file <certificate file> -keystore /usr/java/jre-vmware/lib/security/cacerts -storepass changeit
 
Notes:
  • Type yes when prompted to trust the certificate
  • Replace <certificate file> with the full path to the certificate file that was uploaded in Step 1
  6. Issue a command similar to the following to verify that the new VxRail Manager certificate has been added to the SDDC Manager trust store:
keytool -list -v -keystore /etc/vmware/vcf/commonsvcs/trusted_certificates.store -storepass <trust store key>

Note: Replace <trust store key> with the trusted certificates key value returned in Step 3
  7. Issue the following command to restart the SDDC Manager services:
/opt/vmware/vcf/operationsmanager/scripts/cli/sddcmanager_restart_services.sh

Note: Remove the snapshot that was taken prior to starting this procedure.
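
The verification step lists every entry in the trust store. The shell functions below are an added example, not part of the original article or of any VMware tooling: they pick out the entry for one alias and compare its SHA256 fingerprint with the fingerprint of the uploaded certificate file. The sample listing, its fingerprints and the /tmp/listing.txt path are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.

# Strip colons and whitespace from a fingerprint and upper-case the hex digits.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read `keytool -list -v` output on stdin and print the SHA256 fingerprint of
# the entry whose alias is $1 (the alias comparison ignores case).
alias_sha256() {
    awk -v want="$1" '
        /^Alias name:/ { sub(/^Alias name:[ \t]*/, ""); sub(/[ \t\r]+$/, "")
                         cur = tolower($0); next }
        cur == tolower(want) && /SHA-?256:/ {
            sub(/^.*SHA-?256:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit }
    '
}

# Succeed only if alias $1 in listing file $2 carries fingerprint $3.
entry_matches() {
    found=$(alias_sha256 "$1" < "$2")
    [ -n "$found" ] && [ "$(normalize_fp "$found")" = "$(normalize_fp "$3")" ]
}

# Constructed sample of `keytool -list -v` output (all values are made up).
sample_listing() {
    cat <<'EOF'
Your keystore contains 2 entries

Alias name: oldentry
Entry type: trustedCertEntry
Certificate fingerprints:
     SHA256: 00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11
Signature algorithm name: SHA256withRSA

Alias name: vxrailmanager
Entry type: trustedCertEntry
Certificate fingerprints:
     SHA256: 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
Signature algorithm name: SHA256withRSA
EOF
}

# On the SDDC Manager VM (placeholders as in the article; file name is an assumption):
#   keytool -list -v -keystore /etc/vmware/vcf/commonsvcs/trusted_certificates.store \
#       -storepass <trust store key> > /tmp/listing.txt
#   keytool -printcert -file <certificate file>     # note the SHA256 line
#   entry_matches vxrailmanager /tmp/listing.txt "<SHA256 from -printcert>" && echo match
```

A non-zero exit from entry_matches means the alias is missing or holds a different certificate than the file that was uploaded.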