By using a certificate in the tenant configuration, you ensure security and encryption for tenant deployments. If the service provider vCloud Director instances use a self-signed certificate, you must update the on-premise vSphere Replication appliances to trust the self-signed certificate.
The following procedure contains long, single commands that should be run as one. There are breaks in the command for better visibility marked with "\". "#" marks the beginning of a new command.
Make sure that SSH is enabled on your vSphere Replication Appliance. For more information, see https://kb.vmware.com/s/article/2112307.
- Export the vCloud Director self-signed certificate and import it into the vSphere Replication Appliance keystore.
- Log in to vSphere Replication Appliance.
- Back up the appliance keystore by running the following command.
# cp /usr/java/default/lib/security/cacerts /usr/java/default/lib/security/cacerts.bak
- Export the vCloud Director self-signed certificate by running the following command.
# openssl s_client -connect vCD-IP:443 </dev/null 2>/dev/null \
| openssl x509 > /tmp/vcloud.pem
- Import the vCloud Director self-signed certificate into the vSphere Replication Appliance keystore by running the following command.
# /usr/java/default/bin/keytool -noprompt \
-import -trustcacerts -alias cloudproxy -file /tmp/vcloud.pem \
-keystore /usr/java/default/lib/security/cacerts -storepass changeit
Note: The keytool can be located in a different folder depending on the vSphere Replication release.
- Restart the services that use the keystore file by running the following commands.
# service hms restart
# service vmware-vcd restart
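The export step above saves whichever certificate answers on vCD-IP:443 at that moment, so it is worth comparing its fingerprint with one obtained from the service provider out of band before it goes into the keystore. The script below is an added example, not part of the VMware procedure: it wraps the import command from this page and runs it only when the SHA-256 fingerprint of /tmp/vcloud.pem matches. The function names and the EXPECTED_FP variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: pin the exported certificate before trusting it.
# Paths, alias and store password are the ones used in the procedure above.
PEM=/tmp/vcloud.pem
KEYTOOL=/usr/java/default/bin/keytool
KEYSTORE=/usr/java/default/lib/security/cacerts

# Reduce a fingerprint to bare lowercase hex, so that "AB:CD:..",
# "ab cd .." and openssl's "SHA256 Fingerprint=AB:CD:.." compare equal.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n\r\t' | tr 'A-F' 'a-f'
}

# Succeed only when the first value is a well-formed SHA-256 fingerprint
# (64 hex digits) and the second normalizes to the same string.
fp_matches() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    case "$a" in *[!0-9a-f]*|'') return 1 ;; esac
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# Print the SHA-256 fingerprint line of a PEM certificate.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Import the exported certificate only if it matches the expected fingerprint.
verify_and_import() {
    expected=$1
    actual=$(cert_sha256 "$PEM") || return 2
    if ! fp_matches "$expected" "$actual"; then
        echo "Fingerprint mismatch, not importing: $(normalize_fp "$actual")" >&2
        return 1
    fi
    "$KEYTOOL" -noprompt -import -trustcacerts -alias cloudproxy \
        -file "$PEM" -keystore "$KEYSTORE" -storepass changeit
}

# Runs only when the caller supplies the fingerprint received from the provider.
if [ -n "${EXPECTED_FP:-}" ]; then
    verify_and_import "$EXPECTED_FP"
fi
```

Set EXPECTED_FP to the provider's fingerprint and run the script in place of the import command, then restart the services as in the last step.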