If the endpoint has self signed certificate (typical non production setups), provide thumbprints to trust the endpoints. You can skip providing thumbprint if the endpoints certificates have been signed by the trusted CAs.
Thumbprint CLI
$ openssl s_client -connect <IP>:<port> < /dev/null 2> /dev/null | openssl x509 -fingerprint -sha256 -noout -in /dev/stdin | cut -d'=' -f 2 The result of this command is the thumbprint: E.g. $ openssl s_client -connect 1.2.3.4:443 < /dev/null 2> /dev/null | openssl x509 -fingerprint -sha256 -noout -in /dev/stdin | cut -d'=' -f 2 254:D8:B3:DA:BA:A6:7F:95:0B:86:0B:E8:32:F2:88:B6:B2:DF:91:C1:F0:03:F0:2B:C3:0B:E1:72:F0:0D:28:DC
Typically, you need thumbprints for:
TCA Manager web (443) endpoint (
vmEndpoint
)VC endpoint (
vcEndpoint
)
TCA appliance 9443 thumbprints are generated in Generate Topology Template CLI.