Certificates are stored in a Java™ keystore. The
keystore contents are protected with a password. To manipulate the certificates in the keystore, you
must obtain access to the keystore.
About this task
The default self-signed certificate and keystore password are generated automatically during
installation, so you are unlikely to know the initial password.
Complete the following procedure to replace the original keystore with a new keystore and a new
self-signed certificate. The new keystore is protected by a password of your choice.
If you already know the keystore password, skip this procedure.
Procedure
- Stop the Data Protection for VMware vSphere GUI service.
- From the command line, change the directory to the keystore location.
  - On Linux®: /opt/tivoli/tsm/tdpvmware/common/webserver/usr/servers/veProfile/resources/security/
  - On Windows: C:\IBM\StorageProtect\webserver\usr\servers\veProfile\resources\security\
- Make a backup copy of the keystore file (key.jks) by renaming it or moving it to a different location.
- Create a new keystore and a new self-signed certificate by issuing the following command:
    keytool -genkeypair -alias vekey -dname CN=fqdn,OU=Tivoli_Storage_Manager_for_VMware,O=IBM -keyalg RSA -sigalg SHA256withRSA -keysize 2048 -validity days -keystore key.jks -storepass password -keypass password
  Where:
  -dname CN=fqdn,OU=Tivoli_Storage_Manager_for_VMware,O=IBM
    fqdn is the DNS name or fully qualified domain name of the computer on which the Data Protection for VMware vSphere GUI is installed.
  -validity days
    The certificate validity period.
  -storepass password
    The keystore password. Ensure that you remember this password for future use.
  -keypass password
    The private key password for the certificate. This password must match the keystore password.
- Encode the keystore password by using the securityUtility tool. Issue the following command.
  - On Linux: /opt/tivoli/tsm/tdpvmware/common/webserver/bin/securityUtility encode
  - On Windows: C:\IBM\StorageProtect\webserver\bin\securityUtility.bat encode
  Enter your keystore password when prompted and then save the output (for example, copy it to the clipboard).
- Open the bootstrap.properties file in an editor and set the veProfile.keystore.pswd property to the encoded value from the previous step.
  The bootstrap.properties file is in the following location:
  - On Linux: /opt/tivoli/tsm/tdpvmware/common/webserver/usr/servers/veProfile/
  - On Windows: C:\IBM\StorageProtect\webserver\usr\servers\veProfile\
- Start the Data Protection for VMware vSphere GUI service.
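
One way to script the bootstrap.properties edit from the procedure above, as an added example that is not part of the original procedure or the product. It assumes the encoded value is an {xor} or {aes} tag followed by base64 text; the function name, the .bak suffix and the sample values are constructed for illustration.

```python
import os
import re
import shutil
import tempfile

PROP = "veProfile.keystore.pswd"  # property name from the procedure
# Assumption: securityUtility encode output is a {xor} or {aes} tag plus base64.
ENCODED = re.compile(r"\{(xor|aes)\}[A-Za-z0-9+/]+=*")


def set_keystore_password(props_path, encoded_value):
    """Set PROP to an encoded value in place; return the backup file path."""
    encoded_value = encoded_value.strip()  # drop clipboard whitespace
    if not ENCODED.fullmatch(encoded_value):
        # Refuse a plaintext password or a truncated paste before touching the file.
        raise ValueError("value does not look like securityUtility encode output")
    with open(props_path, encoding="iso-8859-1") as fh:
        lines = fh.read().splitlines()

    out, replaced = [], False
    for line in lines:
        key = re.split(r"[=:]", line.lstrip(), maxsplit=1)[0].strip()
        if key == PROP:
            if not replaced:  # keep one definition, drop stale duplicates
                out.append(f"{PROP}={encoded_value}")
                replaced = True
            continue
        out.append(line)
    if not replaced:
        out.append(f"{PROP}={encoded_value}")

    backup = props_path + ".bak"
    shutil.copy2(props_path, backup)  # previous file kept for rollback
    # Rewrite in place so the file keeps its owner and mode for the service account.
    with open(props_path, "w", encoding="iso-8859-1") as fh:
        fh.write("\n".join(out) + "\n")
    return backup


if __name__ == "__main__":
    # Constructed demo file and constructed sample values, in a temp directory.
    path = os.path.join(tempfile.mkdtemp(), "bootstrap.properties")
    with open(path, "w", encoding="iso-8859-1") as fh:
        fh.write("# constructed sample\nveProfile.keystore.pswd={xor}b2xkdmFsdWU=\n")
    set_keystore_password(path, "{xor}Lz4sLCgwLTs=")
    print(open(path, encoding="iso-8859-1").read())
```

Run it while the service is stopped, after the encode step and before the start step. The .bak file still holds the previous encoded password, so remove it once the GUI starts correctly.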