An Agent connects to the following third party systems:
These systems may require TLS-secured connections. In such cases, you may require that Data Management for VMware Tanzu access the systems using trusted certificates. Data Management for VMware Tanzu automatically copies any Provider certificates to an Agent when the Agent is onboarded. If you add new certificates to the Provider after deployment, you must manually copy these to each Agent VM. You must also manually copy a certificate specific to an Agent to the Agent VM.
Certificate files are stored in the following file system locations on the Agent VM:
Description | File System Location |
---|---|
TrustStore | /opt/vmware/tdm-tenant/cert/truststore.jks |
TrustStore Password | /opt/vmware/tdm-tenant/onboarding-service/config/application.yml |
Trusted Certificates .pem | /opt/vmware/tdm-tenant/cert/agent-trusted-certs.pem |
Data Management for VMware Tanzu adds the file name prefix agent-trusted-cert-<number>-
to the <original-cert-filename>.pem
of each trusted certificate, and individually copies each cert to the /etc/ssl/certs
directory on the Agent VM.
You must use the Data Management for VMware Tanzu API to update the certificates on the Agent VM:
Retrieve the existing trusted certificates:
GET https://<agent-ip-address>/onboarding/api/tenant/onboarding?action=get-trusted-certificates
A successful response includes a file named agent-trusted-certs.pem
that contains the currently trusted certificates.
Add the new trusted certificates to the returned file.
Update the certificates on the Agent VM:
--header
as a
Bearer
token.
POST https://<agent-ip-address>/onboarding/api/tenant/onboarding?action=add-trusted-certificates
Request parameters:
certificate: <cert-file>
Deleting the trusted certificates on an Agent VM is a manual process. You must:
ssh
into the Agent VM./opt/vmware/tdm-tenant/cert/truststore.jks
file./etc/ssl/certs
directory./opt/vmware/tdm-tenant/cert/agent-trusted-certs.pem
file.