A VMware Data Services Manager Provider may connect to the following third party systems:
These systems may require TLS-secured connections. In such cases, you may require that VMware Data Services Manager access the systems using trusted certificates.
VMware Data Services Manager automatically copies any Provider certificates to an Agent when the Agent is onboarded. If you want to add a new certificate to the Provider after deployment, you must manually copy these to a Provider VM and the Agent VMs.
Certificate files are stored in the following file system locations on the Provider VM:
Description | File System Location |
---|---|
TrustStore | /opt/vmware/tdm-provider/cert/truststore.jks |
TrustStore Password | /opt/vmware/tdm-provider/apms-service/config/application.yml |
Trusted Certificates .pem | /opt/vmware/tdm-provider/cert/provider-trusted-certs.pem |
VMware Data Services Manager adds the file name prefix provider-trusted-cert-<number>-
to the <original-cert-filename>.pem
of each trusted certificate, and individually copies each cert to the /etc/ssl/certs
directory on the Provider VM.
You must use the VMware Data Services Manager API to update the certificates on the Provider VM:
Retrieve the existing trusted certificates:
GET https://<provider-ip-address>/appliance/provider/get-trusted-certificates
A successful response includes a file named provider-trusted-certs.pem
that contains the currently trusted certificates.
Add the new trusted certificates to the returned file.
Update the certificates on the Provider VM:
POST https://<provider-ip-address>/appliance/provider/add-trusted-certificates
Request parameters:
certificate: <cert-file>
Deleting the trusted certificates on a Provider VM is a manual process. You must:
ssh
into the Provider VM./opt/vmware/tdm-provider/cert/truststore.jks
file./etc/ssl/certs
directory./opt/vmware/tdm-provider/cert/provider-trusted-certs.pem
file.If you are running in Provider High Availability mode, you may need to synchronize certificates from the Primary Provider to one or more Standby Providers.
Use the /appliance/provider/sync-trusted-certificates
VMware Data Services Manager API endpoint to synchronize trusted certificates from the Primary Provider:
POST https://<provider-ip-address>/appliance/provider/sync-trusted-certificates