A self-signed certificate is generated when you first install the View adapter. The desktop message server and the broker message server use this certificate by default to authenticate to the agents. You can replace the self-signed certificate with a certificate that is signed by a valid certificate authority.

Prerequisites

  • Verify that you can connect to the node where the View adapter is running.

  • Verify that you have the password for certificate store. You can obtain the password from the msgserver.properties file. See View Adapter Certificate and Trust Store Files.

  • Become familiar with the Java keytool utility. Documentation is available at http://docs.oracle.com.

Procedure

  1. Log in to the node where the View adapter is running.
  2. Navigate to the View adapter's work directory.

    Platform

    Directory Location

    Linux

    /usr/lib/vmware-vcops/user/plugins/inbound/V4V_adapter3/work

    Windows

    C:\vmware\vcenteroperations\user\plugins\inbound\V4V_adapter3\work

  3. Use the keytool utility with the -selfcert option to generate a new self-signed certificate for the View adapter.

    Because the default self-signed certificate is issued to VMware, you must generate a new self-signed certificate before you can request a signed certificate. The signed certificate must be issued to your organization.

    For example:

    keytool –selfcert –alias v4v-adapter –dname dn-of-org –keystore v4v-adapter.jks

    dn-of-org is the distinguished name of the organization to which the certificate is issued, for example, "OU=Management Platform, O=VMware, Inc., C=US".

    By default, the certificate signature uses the SHA1withRSA algorithm. You can override this default by specifying the name of the algorithm with the -sigalg option.

  4. Use the keytool utility with the -certreq option from the adapter work directory to generate a certificate signing request.

    A certificate signing request is required to request a certificate from a certificate signing authority.

    For example:

    keytool –certreq –alias v4v-adapter –file certificate-request-file -keystore v4v-adapter.jks

    certificate-request-file is the name of the file that will contain the certificate signing request.

  5. Upload the certificate signing request to a certificate authority and request a signed certificate.

    If the certificate authority requests a password for the certificate private key, use the password configured for the certificate store.

    The certificate authority returns a signed certificate.

  6. To import the certificate, copy the certificate file to the View adapter work directory and run the keytool utility with the –import option.

    For example:

    keytool –import –alias v4v-adapter –file certificate-filename -keystore v4v-adapter.jks

    certificate-filename is the name of the certificate file from the certificate authority.

    When the keytool utility is finished, the signed certificate is imported to the adapter certificate store.

  7. To start using the new certificate, restart the View adapter on the node where the adapter is running.

    Platform

    Action

    Linux

    Run the service vmware-vcops restart command.

    Windows

    Use the Windows Services tool (services.msc) to restart the vRealize Operations View Adapter service.

What to do next

After you restart the View adapter, you must pair any broker agents that are attached to the View adapter. See Certificate Pairing.