A database may connect to the following third party systems:
These systems may require TLS-secured connections. In such cases, you may require that Data Management for VMware Tanzu access the systems using trusted certificates.
Data Management for VMware Tanzu automatically copies updated Agent certificates to all databases provisioned in the Onboarded Cluster. If Data Management for VMware Tanzu is unable to synchronize the certificates with a database, you must manually trigger an API endpoint to update the certs on the database.
Certificate files are stored in the following file system locations on the database VM:
|File System Location
|Trusted Certificates .pem
Data Management for VMware Tanzu adds the file name prefix
resource-trusted-cert-<number>- to the
<original-cert-filename>.pem of each trusted certificate, and individually copies each cert to the
/etc/ssl/certs directory on the database VM.
When you update the certificates on an Agent VM, Data Management for VMware Tanzu also updates the certificates on all active databases running in the Onboarded Cluster. If this operation fails for a database, you are required to update the certificates using the Data Management for VMware Tanzu API:
Identify the database VM for which you want to update the certificates. You can obtain the identifier by invoking the
/provider/databases endpoint of the Data Management for VMware Tanzu API, locating the database in the output, and extracting the
Sample response excerpt:
Invoke the API endpoint to refresh the certificates:
Deleting the trusted certificates on a database VM is a manual process. You must:
ssh into the database VM.