After you use the VMware Validated Design Certificate Generation Utility (CertGenVVD) to generate certificates for the SDDC management components, replace the default VMware-signed certificate on vSphere Data Protection in Region B with the certificate that is generated by CertGenVVD.
- Log in to the vSphere Data Protection appliance.
- Open an SSH connection to the virtual machine lax01m01vdp01.lax01.rainpole.local.
- Log in using the following credentials.
- Stop the vSphere Data Protection Web services by running the following command.
If you see errors related to the database server, ignore them.
- Delete the tomcat alias from the Java keystore by running the following command.
/usr/java/latest/bin/keytool -delete -alias tomcat -storepass changeit
- Copy the .keystore file generated by the CertGenVVD tool to the /tmp folder on the vSphere Data Protection virtual appliance.
You can use FileZilla or WinSCP.
- Run the following command to insert the new certificate chain into the keystore.
keytool -importkeystore -srckeystore /tmp/.keystore -destkeystore /root/.keystore -srcstorepass changeit -deststorepass changeit
- Run the following command and, in the command output, verify whether the certificate entry with the tomcat alias exists in the keystore.
/usr/java/latest/bin/keytool -list -v -keystore /root/.keystore -storepass changeit -keypass changeit
- If the certificate entry exists in the keystore, run the addFingerprint.sh script to update the vSphere Data Protection server thumbprint.
- Start the services by running the following command.
- Execute the following command to remove the /tmp/.keystore file
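For the verification step above (the `keytool -list -v` check before addFingerprint.sh), the manual inspection can be scripted. This is an added example, not part of the VMware procedure: the function name `check_tomcat_entry`, the `rootca` alias and the sample fingerprints are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the VMware procedure). Reads `keytool -list -v` output on stdin,
# prints "alias|entry type|chain length|leaf SHA1" for the tomcat entry and returns
# 0 = tomcat PrivateKeyEntry present, 1 = alias missing, 2 = alias is not a key entry.
check_tomcat_entry() {
  awk -v want="tomcat" '
    /^Alias name: /               { cur = substr($0, 13); next }
    cur != want                   { next }   # ignore every other keystore entry
    /^Entry type: /               { etype = substr($0, 13); found = 1; next }
    /^Certificate chain length: / { chain = $4; next }
    /SHA1: / && sha == ""         { sha = $2 }  # first SHA1 after the alias = leaf cert
    END {
      if (!found) { print "tomcat alias not found"; exit 1 }
      print want "|" etype "|" chain "|" sha
      exit (etype == "PrivateKeyEntry" ? 0 : 2)
    }'
}

# Constructed sample output (fingerprints and names are made up, not from an appliance).
sample_output() {
cat <<'EOF'
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

Alias name: rootca
Entry type: trustedCertEntry
Owner: CN=Example Root CA
Certificate fingerprints:
     SHA1: FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC

Alias name: tomcat
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=lax01m01vdp01.lax01.rainpole.local
Issuer: CN=Example Root CA
Certificate fingerprints:
     SHA1: 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33
Certificate[2]:
Owner: CN=Example Root CA
Certificate fingerprints:
     SHA1: FF:EE:DD:CC:BB:AA:99:88:77:66:55:44:33:22:11:00:FF:EE:DD:CC
EOF
}

# On the appliance, pipe the real command instead of the sample:
#   /usr/java/latest/bin/keytool -list -v -keystore /root/.keystore -storepass changeit | check_tomcat_entry
sample_output | check_tomcat_entry
```

Exit status 2 (a trustedCertEntry under the tomcat alias) means the entry carries no private key, so stop before running addFingerprint.sh.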