If you do not configure the vRealize Hyperic server and vRealize Hyperic agents to use keystores that you create and manage before you first start the server and agents, vRealize Hyperic will generate default keystores with self-signed certificates. You can change the SSL certificates to use a user-managed keystore.

Prerequisites

Verify that you have a a trusted PKC12-format keystore for vRealize Hyperic server, and that an SSL certificate of the correct format is installed the the vRealize Hyperic server host.

Procedure

  1. Open ServerHome/conf/hq-server.conf in a text editor and make the following changes.
    1. Set the value of accept.unverified.certificates to false.
    2. Define the location of your trusted keystore with the server.keystore.path property.
    3. Define the password for your trusted keystore with the server.keystore.password property.
    4. Save your changes and restart the vRealize Hyperic server.
  2. For each vRealize Hyperic agent reporting to the vRealize Hyperic server
    1. Obtain an SSL certificate from your CA and install it on the vRealize Hyperic agent host.
    2. Open AgentBundle/AgentHome/agent.properties in a text editor.
    3. Set the value of agent.setup.acceptUnverifiedCertificate to "false".
    4. Define the location of your trusted keystore with the agent.keystore.path property.
    5. Define the password for your trusted keystore with the agent.keystore.password property.
    6. Save your changes and restart the vRealize Hyperic agent.