A Data Management for VMware Tanzu Provider may connect to the following third party systems:

  • S3 (Provider Repo, Provider Log Repo, Provider Backup Repo)
  • LDAP
  • NTP

These systems may require TLS-secured connections. In such cases, you may require that DMS access the systems using trusted certificates.

Data Management for VMware Tanzu automatically copies any Provider certificates to an Agent when the Agent is onboarded. If you want to add a new certificate to the Provider after deployment, you must manually copy these to a Provider VM and the Agent VMs.

Certificate File System Locations

Certificate files are stored in the following file system locations on the Provider VM:

Description File System Location
TrustStore /opt/vmware/tdm-provider/cert/truststore.jks
TrustStore Password /opt/vmware/tdm-provider/apms-service/config/application.yml
Trusted Certificates .pem /opt/vmware/tdm-provider/cert/provider-trusted-certs.pem

Data Management for VMware Tanzu adds the file name prefix provider-trusted-cert-<number>- to the <original-cert-filename>.pem of each trusted certificate, and individually copies each cert to the /etc/ssl/certs directory on the Provider VM.

Updating Trusted Certificates

You must use the Data Management for VMware Tanzu API to update the certificates on the Provider VM:

  1. Retrieve the existing trusted certificates:

    GET https://<provider-ip-address>/appliance/provider/get-trusted-certificates
    

    A successful response includes a file named provider-trusted-certs.pem that contains the currently trusted certificates.

  2. Add the new trusted certificates to the returned file.

  3. Update the certificates on the Provider VM:

    POST https://<provider-ip-address>/appliance/provider/add-trusted-certificates
    

    Request parameters:

    certificate: <cert-file>
    

Deleting All Trusted Certificates

Deleting the trusted certificates on a Provider VM is a manual process. You must:

  1. ssh into the Provider VM.
  2. Delete the certificates from the /opt/vmware/tdm-provider/cert/truststore.jks file.
  3. Delete all of the certificates in the /etc/ssl/certs directory.
  4. Delete the certificates from the /opt/vmware/tdm-provider/cert/provider-trusted-certs.pem file.

Synchronizing Trusted Certificates

If you are running in Provider High Availability mode, you may need to synchronize certificates from the Primary Provider to one or more Standby Providers.

Use the /appliance/provider/sync-trusted-certificates Data Management for VMware Tanzu API endpoint to synchronize trusted certificates from the Primary Provider:

POST https://<provider-ip-address>/appliance/provider/sync-trusted-certificates
check-circle-line exclamation-circle-line close-line
Scroll to top icon