Data Protection for VMware vSphere GUI 8.1.23 and later
requires the upgrade to Java™ Semeru 21. The certificate
handling is stricter with Java Semeru 21. The vCenter
certificate must be imported into Data Protection for VMware vSphere GUI server truststore.
About this task
- The following procedure is only required for Data Protection for VMware vSphere GUI 8.1.23 and later.
- The following procedure uses the standard key and certificate management tool called
keytool.
- On Linux® operating systems, it is located in the
/opt/tivoli/tsm/tdpvmware/common/jre/jre/bin/ directory.
- On Microsoft
Windows operating systems, it is located in the
C:\Program Files\Common Files\Tivoli\TSM\jvm210200\jre\bin directory.
- You need to specify the full path when you run the keytool command from the
command line.
Procedure
-
Stop the Data Protection for VMware vSphere GUI service.
-
From the command line, change the directory to the keystore location.
- Linux:
/opt/tivoli/tsm/tdpvmware/common/webserver/usr/servers/veProfile/resources/security/
- Microsoft
Windows:
C:\IBM\SpectrumProtect\webserver\usr\servers\veProfile\resources\security\
-
Create a backup copy of the keystore file (key.jks).
-
Obtain a copy of the vCenter certificate by using the following command:
keytool -printcert -sslserver vCenter_hostname -rfc > my_vCenter.pem
Where:
vCenter_hostname
: The full qualified domain name for vCenter.
my_vCenter.pem
: The copy of the vCenter certificate that is saved in a local
folder
- Import the vCenter certificate to keystore by using the following command:
keytool -importcert -alias my_vCenter -file my_vCenter.pem -keystore key.jks -storepass password -noprompt
Where:
-alias
my_vCenter: The unique alias that identifies the certificate in the
keystore.
-file
my_vCenter.pem: The vCenter certificate file that is obtained from Step 4.
-storepass
password: The keystore password.
On
the Windows platform, if you are using the
default key.jks generated by the initial installation, the default password is
tsm4ve.
On the Linux platform, if you are using the default
key.jks generated by the
initial installation and the installation log is available, issue the following command to find the
default
password:
grep -r "storepass" /opt/tivoli/tsm/tdpvmware/_uninst/TDPVMware/Logs/
The default password is shown after the
-storepass parameter in the command
output.
If you cannot find the keystore password, refer to the Obtaining access to the keystore section to re-create the
key.jks keystore with the appropriate password.
- Restart the Data Protection for VMware vSphere GUI
service.