Adding an SSL Certificate to the vROps Truststore (VMware Tanzu Application Service)

We recommend adding an SSL certificate for your PCF host server to the vROps truststore to help provide an added level of security.

Note: Different levels of security can be configured in the Management Pack. The least secure configurationis to set the Validate Certificate Against TruststoreAdvanced Setting to False . For added security, you can set the Validate Certificate Against Truststore Advanced Setting to True,and the Management Pack will have to verify the SSL certificate on your vROps system. See: Creating an Adapter Instance (VMware Tanzu Application Service).

To add the SSL certificate to your vROps truststore:

Obtain the SSL certificate for the Blue Medora Nozzle for PCF, which is stored in the certs folder of the nozzle's base directory.
Copy the certificate to your vROps machine.
Use ‘ssh’ to log in to the vROps machine as the root user, then run the following command:

Linux:

$VCOPS_BASE/jre/bin/keytool -import -alias <product_alias> -file /tmp/<certfile> -keystore “$VCOPS_DATA_VCOPS/user/conf/ssl/tcserver.truststore” -storepass `grep ssltruststorePassword /storage/vcops/user/conf/ssl/storePass.properties | sed s/ssltruststorePassword=//` -trustcacerts

Windows:

%VCOPS_BASE%\jre\bin\keytool -import -alias <product_alias> C:\path\to\certfile -keystore “%VCOPS_DATA_VCOPS%\user\conf\ssl\tcserver.truststore” -storepass <truststore_password> -trustcacerts

Parameter Descriptions:
- -alias is a unique name for each key that you add (per host)
- certfile is the location where the cert file was saved
Run the reboot command to re-start the vROps machine for the changes to take effect.