Configuring Data Protection for VMware vSphere GUI communication to vCenter server

Edit online

Data Protection for VMware vSphere GUI 8.1.23 and later requires the upgrade to Java™ Semeru 21. The certificate handling is stricter with Java Semeru 21. The vCenter certificate must be imported into Data Protection for VMware vSphere GUI server truststore.

About this task

  • The following procedure is only required for Data Protection for VMware vSphere GUI 8.1.23 and later.
  • The following procedure uses the standard key and certificate management tool called keytool.
  • On Linux® operating systems, it is located in the /opt/tivoli/tsm/tdpvmware/common/jre/jre/bin/ directory.
  • On Microsoft Windows operating systems, it is located in the C:\Program Files\Common Files\Tivoli\TSM\jvm210200\jre\bin directory.
  • You need to specify the full path when you run the keytool command from the command line.

Procedure

  1. Stop the Data Protection for VMware vSphere GUI service.
  2. From the command line, change the directory to the keystore location.
    • Linux: /opt/tivoli/tsm/tdpvmware/common/webserver/usr/servers/veProfile/resources/security/
    • Microsoft Windows: C:\IBM\SpectrumProtect\webserver\usr\servers\veProfile\resources\security\
  3. Create a backup copy of the keystore file (key.jks).
  4. Obtain a copy of the vCenter certificate by using the following command: 
    keytool -printcert -sslserver vCenter_hostname -rfc > my_vCenter.pem
    Where:
    • vCenter_hostname: The full qualified domain name for vCenter.
    • my_vCenter.pem: The copy of the vCenter certificate that is saved in a local folder
  5. Import the vCenter certificate to keystore by using the following command: 
    keytool -importcert -alias my_vCenter -file my_vCenter.pem -keystore key.jks -storepass password -noprompt
    Where:
    • -alias my_vCenter: The unique alias that identifies the certificate in the keystore.
    • -file my_vCenter.pem: The vCenter certificate file that is obtained from Step 4.
    • -storepass password: The keystore password.

      On the Windows platform, if you are using the default key.jks generated by the initial installation, the default password is tsm4ve.

      On the Linux platform, if you are using the default key.jks generated by the initial installation and the installation log is available, issue the following command to find the default password:
      grep -r "storepass" /opt/tivoli/tsm/tdpvmware/_uninst/TDPVMware/Logs/
      The default password is shown after the -storepass parameter in the command output.

      If you cannot find the keystore password, refer to the Obtaining access to the keystore section to re-create the key.jks keystore with the appropriate password.

  6. Restart the Data Protection for VMware vSphere GUI service.