A vCenter Server certificate might rotate when it expires or is refreshed. When the vCenter Server certificate changes, you have to update the certificate in VMware Data Services Manager.

As a DSM administrator, perform these steps to configure the modified vCenter Server certificate.

Procedure

  1. Log in to DSM.
    curl --location -k -v 'https://[[PROVIDER_IP_ADDRESS]]/provider/session' \
    --header 'Content-Type: application/json' \
    --data-raw '{
    "email" : "DSM ADMIN UserName",
    "password" : "DSM ADMIN Password"
    }'
    
    

    Copy the Authorization Bearer token from the response headers.

  2. Get existing trusted certificates.
    curl --location -k 'https://[[PROVIDER_IP_ADDRESS]]/appliance/provider/get-trusted-certificates' \
    --header 'Accept: application/vnd.vmware.dms-v1+octet-stream' \
    --header 'Authorization: [[Token from Step 1]]'
    

    Copy the response content into a file on your system and save it.

  3. Copy the vCenter Server certificate.
    1. Download the certificate file for vCenter Server as shown below:
    2. Click More Information.
    3. Click View Certificate.
    4. Click PEM(Cert)
      This action downloads the certificate to the local system.

      Open this file in a text editor, copy the content, and add it to the file that you saved in Step 2.

  4. Add the trusted certificate.
    curl --location -k --request POST 'https://<provider-ip>/appliance/provider/add-trusted-certificates' \
    --header 'accept: application/vnd.vmware.dms-v1+json' \
    --header 'Content-Type: multipart/form-data' \
    --header 'Authorization: <token>' \
    --form 'certificate=@"[[path of the ]]/provider-trusted-certs.pem";type=application/x-x509-ca-cert'

    This action adds the new vCenter Server certificate to VMware Data Services Manager.

  5. Delete the service account.
    curl --location -k --request DELETE 'https://<provider-ip>/provider/vc/svc-account' \
    --header 'Accept: application/vnd.vmware.dms-v1+json' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: <token>' \
    --data-raw '{
    "vcHost"   : "<VCenter host>",
    "userName" : "<VCenter username>",
    "password" : "<VCenter password>"
    }'

    Observe the response code: 200, Service account deleted successfully.

  6. Create the service account.
    curl --location -k --request POST 'https://<provider-ip>/provider/vc/svc-account' \
    --header 'Accept: application/vnd.vmware.dms-v1+json' \
    --header 'Content-Type: application/json' \
    --header 'Authorization: <token>' \
    --data-raw '{
    "vcHost"   : "<VCenter host>",
    "userName" : "<VCenter username>",
    "password" : "<VCenter password>"
    }'

    Observe the response code: 200, Service account created successfully.
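
An added example, not part of the original procedure or VMware's own tooling: a check to run on the bundle file from Steps 2 and 3 before it is uploaded in Step 4, since the certificate is pasted in by hand and the curl calls above use `-k`. The function name `check_bundle` and the script name are assumptions; the printed SHA-256 fingerprints can be compared with the ones shown in the certificate viewer.

```shell
# check_bundle FILE: prints "<n> <sha256 of DER>" for each certificate.
# Exit 0 = clean, 1 = problem reported on stderr. Checks PEM framing
# only; it does not parse X.509 fields. (Added example, names assumed.)
check_bundle() (
    bundle=$1
    rc=0
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; exit 2; }
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf "$tmp"' EXIT

    # A trust bundle holds certificates only: reject a pasted key or CSR.
    if grep '^-----BEGIN ' "$bundle" | grep -qv '^-----BEGIN CERTIFICATE-----'; then
        echo "non-certificate PEM block in bundle" >&2; rc=1
    fi
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----' "$bundle" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----' "$bundle" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "no certificate, or an unterminated block" >&2; exit 1
    fi

    # Write the base64 body of each certificate block to its own file.
    awk -v dir="$tmp" '
        /^-----BEGIN CERTIFICATE-----/ { n++; keep = 1; next }
        /^-----END CERTIFICATE-----/   { keep = 0; close(dir "/" n ".b64"); next }
        keep { sub(/\r$/, ""); print > (dir "/" n ".b64") }
    ' "$bundle"

    i=1
    while [ "$i" -le "$begins" ]; do
        # SHA-256 over the decoded DER bytes is the certificate fingerprint.
        if base64 -d "$tmp/$i.b64" > "$tmp/$i.der" 2>/dev/null && [ -s "$tmp/$i.der" ]; then
            fp=$(sha256sum "$tmp/$i.der" | cut -d' ' -f1)
            echo "$i $fp"
            echo "$fp" >> "$tmp/seen"
        else
            echo "certificate $i does not decode as base64" >&2; rc=1
        fi
        i=$((i + 1))
    done

    # The same certificate appended twice (for example on a retry).
    if [ -s "$tmp/seen" ] && [ -n "$(sort "$tmp/seen" | uniq -d)" ]; then
        echo "duplicate certificate in bundle" >&2; rc=1
    fi
    exit "$rc"
)

# Usage: sh check_bundle.sh provider-trusted-certs.pem
if [ "$#" -gt 0 ]; then check_bundle "$1"; fi
```

Certificate viewers usually show the fingerprint in upper case with colon separators; the script prints the same digest as plain lower-case hex.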

Results

After performing this task, wait two to three hours for the vCenter Server certificate to become fully trusted by VMware Data Services Manager.