A vCenter Server certificate might rotate when it expires or is refreshed. When the vCenter Server certificate changes, you have to update the certificate in VMware Data Services Manager.
As a DSM administrator, perform these steps to configure the modified vCenter Server certificate.
Procedure
- Log in to DSM.
curl --location -k -v 'https://[[PROVIDER_IP_ADDRESS]]/provider/session' \
--header 'Content-Type: application/json' \
--data-raw '{
"email" : "DSM ADMIN UserName",
"password" : "DSM ADMIN Password"
}'
Copy the Authorization Bearer token from the response headers.
- Get existing trusted certificates.
curl --location -k 'https://[[PROVIDER_IP_ADDRESS]]/appliance/provider/get-trusted-certificates' \
--header 'Accept: application/vnd.vmware.dms-v1+octet-stream' \
--header 'Authorization: [[Token from Step 1]]'
Copy the response content into a file on your system and save it.
- Copy the vCenter Server certificate.
- Download the certificate file for vCenter Server as shown below:
- Click More Information.
- Click View Certificate.
- Click PEM(Cert).
This action downloads the certificate to your local system.
Open this file in a text editor such as Notepad, copy the content, and add it to the file that you saved in Step 2.
- Add the trusted certificate.
curl --location -k --request POST 'https://<provider-ip>/appliance/provider/add-trusted-certificates' \
--header 'accept: application/vnd.vmware.dms-v1+json' \
--header 'Content-Type: multipart/form-data' \
--header 'Authorization: <token>' \
--form 'certificate=@"[[path of the ]]/provider-trusted-certs.pem";type=application/x-x509-ca-cert'
This action adds the new vCenter Server certificate to VMware Data Services Manager.
- Delete the service account.
curl --location -k --request DELETE 'https://<provider-ip>/provider/vc/svc-account' \
--header 'Accept: application/vnd.vmware.dms-v1+json' \
--header 'Content-Type: application/json' \
--header 'Authorization: <token>' \
--data-raw '{
"vcHost" : "<VCenter host>",
"userName" : "<VCenter username>",
"password" : "<VCenter password>"
}'
Observe the response code: 200, Service account deleted successfully.
- Create the service account.
curl --location -k --request POST 'https://<provider-ip>/provider/vc/svc-account' \
--header 'Accept: application/vnd.vmware.dms-v1+json' \
--header 'Content-Type: application/json' \
--header 'Authorization: <token>' \
--data-raw '{
"vcHost" : "<VCenter host>",
"userName" : "<VCenter username>",
"password" : "<VCenter password>"
}'
Observe the response code: 200, Service account created successfully.
Results
After performing this task, wait two to three hours for the vCenter Server certificate to become fully trusted by VMware Data Services Manager.
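The certificate appended in Step 3 becomes a trust anchor, so it is worth checking the merged file before uploading it in Step 4. The following is an added example, not part of the VMware procedure or tooling: it compares the downloaded certificate's SHA-256 fingerprint with a value obtained out of band from the vCenter Server administrator (an assumption), skips duplicates, and keeps the PEM markers on separate lines. The function names and sample data are hypothetical, and the code does not parse the X.509 structure.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """Return the SHA-256 hex digest of each certificate's DER bytes, in order."""
    out = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        out.append(hashlib.sha256(der).hexdigest())
    return out

def merge_trusted_cert(bundle_pem, new_pem, expected_sha256):
    """Append one certificate to the saved bundle; return (bundle, status)."""
    if "PRIVATE KEY" in new_pem:
        raise ValueError("file contains a private key; upload certificates only")
    new_fps = fingerprints(new_pem)
    if len(new_fps) != 1:
        raise ValueError(f"expected exactly 1 certificate, found {len(new_fps)}")
    want = expected_sha256.replace(":", "").lower()
    if new_fps[0] != want:
        raise ValueError("fingerprint mismatch; do not trust this certificate")
    if new_fps[0] in fingerprints(bundle_pem):
        return bundle_pem, "already-trusted"
    # A bundle saved without a trailing newline would otherwise fuse the
    # END and BEGIN markers into one unparsable line.
    sep = "" if bundle_pem.endswith("\n") or not bundle_pem else "\n"
    return bundle_pem + sep + new_pem.strip() + "\n", "added"

def _pem(der):
    """Wrap raw bytes in PEM certificate markers (constructed-sample helper)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

# Constructed sample data: placeholder bytes, not real certificates.
OLD_CERT = _pem(b"constructed-old-trust-anchor" * 4)
NEW_CERT = _pem(b"constructed-new-vcenter-cert" * 4)
NEW_FP = hashlib.sha256(b"constructed-new-vcenter-cert" * 4).hexdigest()

if __name__ == "__main__":
    merged, status = merge_trusted_cert(OLD_CERT.rstrip("\n"), NEW_CERT, NEW_FP)
    print(status, len(fingerprints(merged)))
```

Write the returned bundle to the file that Step 4 uploads only when the status is `added`; a `ValueError` means the downloaded file should not be uploaded.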