A vCenter certificate might rotate when it expires or is refreshed.

When the vCenter certificate changes, you have to update the certificate in VMware Data Services Manager.

As a DSM administrator, perform these steps to configure the modified vCenter certificate.

  1. Log in to DSM.

    curl --location -k -v 'https://[[PROVIDER_IP_ADDRESS]]/provider/session' \
    --header 'Content-Type: application/json' \
    --data-raw '{
    "email" : "DSM ADMIN UserName",
    "password" : "DSM ADMIN Password"
    }'
    
    

    Copy the Authorization Bearer token from the response headers.

  2. Get existing trusted certificates.

    curl --location -k 'https://[[PROVIDER_IP_ADDRESS]]/appliance/provider/get-trusted-certificates' \
    --header 'Accept: application/vnd.vmware.dms-v1+octet-stream' \
    --header 'Authorization: [[Token from Step 1]]'
    

    Copy the response content into a file on your system and save it.

  3. Copy the vCenter certificate.

    1. Download the certificate file for vCenter.
    2. Click More Information.
    3. Click View Certificate.
    4. Click PEM (Cert).

      This action downloads the certificate to the local system.

      Open this file in a text editor such as Notepad, copy the content, and add it to the file that you saved in Step 2.

  4. Add the trusted certificate.

    curl --location -k --request POST 'https://<provider-ip>/appliance/provider/add-trusted-certificates' \
    --header 'accept: application/vnd.vmware.dms-v1+json' \
    --header 'Content-Type: multipart/form-data' \
    --header 'Authorization: <token>' \
    --form 'certificate=@"[[path of the ]]/provider-trusted-certs.pem";type=application/x-x509-ca-cert'
    

    This action adds the new vCenter certificate to VMware Data Services Manager.

  5. Delete the service account.

    curl --location -k --request DELETE 'https://<provider-ip>/provider/vc/svc-account' \
    --header 'Accept: application/vnd.vmware.dms-v1+json' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: <token>' \
    --data-raw '{
    "vcHost"   : "<VCenter host>",
    "userName" : "<VCenter username>",
    "password" : "<VCenter password>"
    }'
    

    Observe the response code: 200, Service account deleted successfully.

  6. Create the service account.

    curl --location -k --request POST 'https://<provider-ip>/provider/vc/svc-account' \
    --header 'Accept: application/vnd.vmware.dms-v1+json' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: <token>' \
    --data-raw '{
    "vcHost"   : "<VCenter host>",
    "userName" : "<VCenter username>",
    "password" : "<VCenter password>"
    }' 
    

    Observe the response code: 200, Service account created successfully.

After performing this task, wait two to three hours for the vCenter certificate to become fully trusted by VMware Data Services Manager.
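
A guard for steps 3 and 4, as an added example that is not part of the VMware procedure: it appends the downloaded vCenter certificate to the bundle saved in step 2 only when its SHA-256 fingerprint matches one obtained out of band, skips certificates that are already present, and repairs a missing final newline. The function names and file names are assumptions; the script needs `awk`, `base64` and `sha256sum`.

```bash
#!/usr/bin/env bash
# Added example (not VMware code). File names and the expected fingerprint
# are supplied by the operator; the fingerprint must come from a trusted
# out-of-band source, not from the same browser session as the download.

# Print the SHA-256 (lowercase hex, over the DER bytes) of every certificate
# in a PEM file, one per line. Tolerates CRLF line endings left by Notepad.
pem_fingerprints() {
  awk '
    /^-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
    /^-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
    inside                         { gsub(/[ \t\r]/, ""); body = body $0 }
  ' "$1" | while IFS= read -r b64; do
    printf '%s' "$b64" | base64 -d | sha256sum | cut -d' ' -f1
  done
}

# add_cert_to_bundle NEW_CERT BUNDLE EXPECTED_SHA256
# Returns 0 if the cert was added or is already present, 2 if NEW_CERT does
# not hold exactly one certificate, 3 if the fingerprint does not match.
add_cert_to_bundle() {
  local new="$1" bundle="$2" expected count fp
  # Accept "AA:BB:..." or "aabb..." notation for the expected fingerprint.
  expected=$(printf '%s' "$3" | tr -d ': ' | tr 'A-F' 'a-f')
  count=$(grep -c '^-----BEGIN CERTIFICATE-----' "$new" || true)
  if [ "$count" != 1 ]; then
    echo "refusing: $new must contain exactly one certificate" >&2; return 2
  fi
  fp=$(pem_fingerprints "$new")
  if [ -z "$fp" ] || [ "$fp" != "$expected" ]; then
    echo "refusing: fingerprint mismatch (got ${fp:-none})" >&2; return 3
  fi
  if pem_fingerprints "$bundle" | grep -qx "$fp"; then
    echo "already trusted: $fp"; return 0
  fi
  # A bundle saved without a final newline would fuse END and BEGIN lines.
  [ -z "$(tail -c 1 "$bundle")" ] || printf '\n' >> "$bundle"
  tr -d '\r' < "$new" >> "$bundle"   # strip CRs so the bundle stays LF-only
  echo "added: $fp"
}

# Usage: script.sh vcenter.pem provider-trusted-certs.pem <sha256-fingerprint>
if [ "$#" -eq 3 ]; then add_cert_to_bundle "$@"; fi
```

Upload the resulting bundle with the request in step 4.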
