After you use the VMware Validated Design Certificate Generation Utility (CertGenVVD) to generate certificates for the SDDC management components, replace the certificate on vSphere Data Protection if it is about to expire or is compromised.
- Log in to the vSphere Data Protection appliance.
- Open an SSH connection to the virtual machine sfo01w01vdp01.sfo01.rainpole.local.
- Log in using the following credentials.
- Stop the vSphere Data Protection Web services by running the following command.
If you see errors related to the database server, ignore them.
- Delete the tomcat alias from the Java keystore by running the following command.
/usr/java/latest/bin/keytool -delete -alias tomcat -storepass changeit
- Copy the .keystore file generated by the CertGenVVD tool to the /tmp folder on the vSphere Data Protection virtual appliance.
You can use FileZilla or WinSCP.
- Run the following command to insert the new certificate chain into the keystore.
/usr/java/latest/bin/keytool -importkeystore -srckeystore /tmp/.keystore -destkeystore /root/.keystore -srcstorepass changeit -deststorepass changeit
- Run the following command and, in the command output, verify that the certificate entry with the tomcat alias exists in the keystore.
/usr/java/latest/bin/keytool -list -v -keystore /root/.keystore -storepass changeit -keypass changeit
- If the certificate entry exists in the keystore, run the addFingerprint.sh script to update the vSphere Data Protection server thumbprint.
- Start the vSphere Data Protection Web services by running the following command.
- Run the following command to remove the /tmp/.keystore file.
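As an added check for the keystore verification step above (not part of the original VMware procedure), the following shell function parses `keytool -list -v` output and confirms that the tomcat alias is a PrivateKeyEntry, reporting its chain length and the leaf certificate's expiry date. The function name `check_tomcat_entry` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: validates `keytool -list -v` output before services are restarted.
# Usage on the appliance (keytool command taken from the verification step):
#   /usr/java/latest/bin/keytool -list -v -keystore /root/.keystore \
#       -storepass changeit -keypass changeit | check_tomcat_entry

# Constructed sample of keytool -list -v output (not from a real appliance).
SAMPLE_OK='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: tomcat
Creation date: Jan 1, 2024
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=sfo01w01vdp01.sfo01.rainpole.local, OU=Example, O=Example
Issuer: CN=Example Root CA
Valid from: Mon Jan 01 00:00:00 UTC 2024 until: Thu Jan 01 00:00:00 UTC 2026'

# Constructed sample: the alias exists but holds only a certificate, no private key.
SAMPLE_BAD='Alias name: tomcat
Creation date: Jan 1, 2024
Entry type: trustedCertEntry
Owner: CN=Example Root CA'

# Reads keytool -list -v text on stdin.
# Prints "<entry type> <chain length> <leaf expiry>" for the tomcat alias.
# Exit 0: PrivateKeyEntry found; 1: alias missing; 2: alias has no private key.
check_tomcat_entry() {
    awk '
        /^Alias name: /  { in_tc = ($3 == "tomcat"); if (in_tc) found = 1; next }
        !in_tc           { next }
        /^Entry type: /  { type = $3 }
        /^Certificate chain length: / { chain = $4 }
        # Only the first validity line (Certificate[1], the leaf) is recorded.
        /^Valid from: / && expires == "" { sub(/.* until: /, ""); expires = $0 }
        END {
            if (!found) exit 1
            printf "%s %s %s\n", type, (chain == "" ? 0 : chain), expires
            exit (type == "PrivateKeyEntry" ? 0 : 2)
        }'
}
```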