To increase security, you can change the default passwords of the vSphere Replication appliance keystore and truststore. If you copy the keystores from the appliance to another machine, VMware recommends that you change the passwords before the copy operation.
About this task
The keystore and truststore passwords might be stored in an access-restricted configuration file. vSphere Replication has the following keystores:
- /opt/vmware/hms/security/hms-keystore.jks, which contains the vSphere Replication appliance private key and certificate.
- /opt/vmware/hms/security/hms-truststore.jks, which contains additional CA certificates besides the ones that Java already trusts.
Procedure
- To change the hms-keystore.jks password, log in as root.
- Obtain the current hms-keystore password.
# /opt/vmware/hms/hms-configtool -cmd list | grep keystore
Example of the output: hms-keystore-password = old_password
- Change the hms-keystore password.
# /usr/java/default/bin/keytool -storepasswd -storepass old_password -new new_password -keystore /opt/vmware/hms/security/hms-keystore.jks
- Change the vSphere Replication appliance private key password.
# /usr/java/default/bin/keytool -keypasswd -alias jetty -keypass old_password -new new_password -storepass new_password -keystore /opt/vmware/hms/security/hms-keystore.jks
- Update the configuration with the new password.
# /opt/vmware/hms/hms-configtool -cmd reconfig -property 'hms-keystore-password=new_password'
- Reboot the appliance for the changes to take effect.
- To change the hms-truststore.jks password, log in as root.
- Obtain the current hms-truststore password.
# /opt/vmware/hms/hms-configtool -cmd list | grep truststore
Example of the output: hms-truststore-password = old_password
- Change the hms-truststore password.
# /usr/java/default/bin/keytool -storepasswd -storepass old_password -new new_password -keystore /opt/vmware/hms/security/hms-truststore.jks
- Update the configuration with the new password.
# /opt/vmware/hms/hms-configtool -cmd reconfig -property 'hms-truststore-password=new_password'
- Restart the vSphere Replication service.
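The following script is an added example, not part of the VMware procedure: it checks, before the reboot or service restart, that the password recorded in the configuration actually opens each keystore and the jetty private key. The function names are hypothetical, and it assumes the appliance's keytool accepts the `:env` password modifier (which keeps the password out of the process list); `-certreq` is used only as a read-only operation that must recover the private key.

```shell
#!/bin/sh
# Added example (not VMware code). Tool and keystore paths are the ones on
# this page; the environment overrides exist only so it can be tested offline.
KEYTOOL=${KEYTOOL:-/usr/java/default/bin/keytool}
CONFIGTOOL=${CONFIGTOOL:-/opt/vmware/hms/hms-configtool}
SECDIR=${SECDIR:-/opt/vmware/hms/security}

# Print the value from a "<property> = <value>" line of hms-configtool output.
hms_get_password() {
    "$CONFIGTOOL" -cmd list |
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" | head -n 1
}

# verify_store <hms-keystore|hms-truststore> [alias]
# Returns 0 = consistent, 1 = property missing from the configuration,
#         2 = store password mismatch, 3 = private key password mismatch.
verify_store() {
    HMS_PW=$(hms_get_password "$1-password")
    [ -n "$HMS_PW" ] || return 1
    export HMS_PW   # read by keytool via :env (assumed supported)
    "$KEYTOOL" -list -keystore "$SECDIR/$1.jks" -storepass:env HMS_PW \
        >/dev/null 2>&1 || { unset HMS_PW; return 2; }
    if [ -n "${2:-}" ]; then
        # The CSR is discarded; a wrong key password makes keytool fail here.
        "$KEYTOOL" -certreq -alias "$2" -keystore "$SECDIR/$1.jks" \
            -storepass:env HMS_PW -keypass:env HMS_PW \
            >/dev/null 2>&1 || { unset HMS_PW; return 3; }
    fi
    unset HMS_PW
    return 0
}

# On the appliance, as root: sh <this script> run
if [ "${1:-}" = "run" ]; then
    verify_store hms-keystore jetty; echo "hms-keystore: $?"
    verify_store hms-truststore;     echo "hms-truststore: $?"
fi
```

A result of 2 or 3 means the configuration and the keystore disagree, which is worth resolving before the appliance is rebooted.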