To increase security, you can change the passwords of the vSphere Replication appliance keystore. If you copy the keystores from the appliance to another machine, you must change the passwords before the copy operation.
The keystore passwords might be stored in an access restricted configuration file.
vSphere Replication has the following keystores:
- /opt/vmware/hms/security/hms-keystore.jks, which contains the vSphere Replication appliance private key and certificate.
- /opt/vmware/hms/security/hms-truststore.jks, which contains additional CA certificates besides the ones that Java already trusts.
Procedure
- To change the password for the hms-keystore.jks keystore, open the remote console of your vSphere Replication virtual machine and log in as root.
- Obtain the current keystore password.
# /opt/vmware/hms/bin/hms-configtool -cmd list | grep keystore
Example of the output
hms-keystore-password = old_password
- Change the keystore password.
# /usr/java/default/bin/keytool -storepasswd -storepass old_password -new new_password -keystore /opt/vmware/hms/security/hms-keystore.jks
- Change the vSphere Replication appliance private key password.
The following command is a long, single command and must be run at once. There are breaks in the command for better visibility. Verify that the command returns a success message.
# /usr/java/default/bin/keytool -keypasswd -alias jetty -keypass
old_password -new new_password -storepass new_password -keystore
/opt/vmware/hms/security/hms-keystore.jks
- Update the configuration with the new password.
/opt/vmware/hms/bin/hms-configtool -cmd reconfig -property 'hms-keystore-password=new_password'
- Update the tomcat server.xml file with the new password.
sed -i 's/old_password/new_password/g' /var/opt/apache-tomcat/webapps/dr/WEB-INF/classes/h5dr.properties
- Reboot the appliance for the changes to take effect.
- Use a supported browser to log in to the VRMS Appliance Management Interface.
The URL for the
VRMS Appliance Management Interface is https://
vr-appliance-address:5480.
- Click Configure, and click Restart.
What to do next
If you want to change the truststore passwords of the vSphere Replication appliance, see Change the Truststore Passwords of the vSphere Replication Appliance.