If you have Cloud Proxy instances in the service provider environment that use different self-signed certificates than vCloud Director, you must update vSphere Replication appliances to trust them.
Repeat the following procedure for each Cloud Proxy instance in the service provider environment.
- Copy the self-signed certificate to the client vSphere Replication Appliance and load it into the keystore.
- Log in to vSphere Replication Appliance.
- Export the Cloud Proxy certificate and import it into the Java keystore:
# openssl s_client -connect $CLOUD_PROXY_IP:443 </dev/null 2>/dev/null \ | openssl x509 > /tmp/vcloud.pem # /usr/java/default/bin/keytool -noprompt \ -import -trustcacerts -alias cloudproxy -file /tmp/vcloud.pem \ -keystore /usr/java/default/lib/security/cacerts -storepass changeitNote:
Keytools can be on a different folder depending on the vSphere Replication release.
- Restart the services that use the keystore file by running the following commands.
# service hms restart # service vmware-vcd restart