Replace the default VMware-signed certificate on vSphere Data Protection in Region B with the certificate that is signed by the Microsoft CA on the dc01lax.lax01.rainpole.local AD server.

Prerequisites

Generate a certificate for vSphere Data Protection on the dc01lax.lax01.rainpole.local AD server. See #GUID-9DC7BCC2-7BC6-4A67-B4FC-2CAD32145CCB.

Procedure

  1. On the Windows host that has access to the data center, copy the vdp.p7b certificate file to the /root folder on the vSphere Data Protection virtual appliance.

    You can use scp, FileZilla or WinSCP.

  2. Log in to the vSphere Data Protection appliance.
    1. Open an SSH connection to the virtual machine mgmt01vdp51.lax01.rainpole.local.
    2. Log in using the following credentials.

      Setting      Value
      User name    root
      Password     vdp_root_password

  3. Verify that the vSphere Data Protection services are stopped.
    emwebapp.sh --test

    If the services are running, stop them by running the following command.

    emwebapp.sh --stop
  4. Import the certificate.
    1. Run the following console command.
      /usr/java/latest/bin/keytool -import -alias tomcat -keystore /root/.keystore -file /root/vdp.p7b
    2. When prompted for the keystore password, enter changeit.
    3. When prompted to trust the certificate, enter yes and press Enter.
  5. Verify that the certificate is installed successfully.
    1. Run the following command.
      /usr/java/latest/bin/keytool -list -v -keystore /root/.keystore -storepass changeit -keypass changeit | grep tomcat
    2. Verify that the output contains Alias name: tomcat.
  6. Run the addFingerprint.sh script to update the vSphere Data Protection server thumbprint displayed in the VM console welcome screen.
    /usr/local/avamar/bin/addFingerprint.sh

    This script does not return any output.

  7. Start the vSphere Data Protection services.
    emwebapp.sh --start
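
The check in step 5 only confirms that an alias named tomcat exists in the keystore. The shell function below is an added example, not part of the original procedure, that also checks the entry type and the issuer in `keytool -list -v` output; EXAMPLE-CA and both sample outputs are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the original procedure. EXAMPLE-CA is a placeholder.
# Reads `keytool -list -v` output on stdin; prints OK or the first failed check.
check_tomcat_entry() {
  awk -v want="$1" '
    /^Alias name: /  { in_alias = ($3 == "tomcat") }
    !in_alias        { next }
    /^Alias name: /  { found = 1 }
    /^Entry type: /  { etype = $3 }
    /^Owner: /  && owner == ""  { owner  = substr($0, 8) }   # leaf cert only
    /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
    END {
      if (!found) { print "FAIL: alias tomcat not found"; exit 1 }
      # A trustedCertEntry has no private key, so it cannot serve TLS.
      if (etype != "PrivateKeyEntry") { print "FAIL: entry type " etype; exit 1 }
      if (owner == issuer) { print "FAIL: certificate is self-signed"; exit 1 }
      if (index(issuer, want) == 0) { print "FAIL: issuer is " issuer; exit 1 }
      print "OK"
    }'
}

# Constructed sample: CA reply imported (leaf certificate plus CA certificate).
sample_ca_signed() {
cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=mgmt01vdp51.lax01.rainpole.local
Issuer: CN=EXAMPLE-CA
Certificate[2]:
Owner: CN=EXAMPLE-CA
Issuer: CN=EXAMPLE-CA
EOF
}

# Constructed sample: a self-signed certificate under the same alias.
sample_self_signed() {
cat <<'EOF'
Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=mgmt01vdp51.lax01.rainpole.local
Issuer: CN=mgmt01vdp51.lax01.rainpole.local
EOF
}

sample_ca_signed   | check_tomcat_entry "EXAMPLE-CA"
sample_self_signed | check_tomcat_entry "EXAMPLE-CA" || true
```

On the appliance, pipe the step 5 command without the grep into the function, for example `/usr/java/latest/bin/keytool -list -v -keystore /root/.keystore -storepass changeit | check_tomcat_entry "EXAMPLE-CA"`, replacing EXAMPLE-CA with a string from your CA's subject name.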