Keytool Commands for interacting with certificates in SDDC Manager Java Keystores

Article ID: 314606

Products

VMware Cloud Foundation

Issue/Introduction

These keytool commands are useful when you need to add, remove, or view the certificates in the SDDC Manager trusted root stores.

Environment

SDDC

Resolution

Take a snapshot of the SDDC Manager before making any changes.

SDDC Manager has two keystores:

/etc/vmware/vcf/commonsvcs/trusted_certificates.store

(Password available in: /etc/vmware/vcf/commonsvcs/trusted_certificates.key)

/etc/alternatives/jre/lib/security/cacerts

(Password: changeit)
 

Command to view the list of certificates in the SDDC Manager keystores:

keytool -list -v -keystore /etc/vmware/vcf/commonsvcs/trusted_certificates.store -storepass <trust store key>

keytool -list -v -keystore /etc/alternatives/jre/lib/security/cacerts -storepass changeit

Command to view a single certificate and its details:

keytool -list -v -alias <aliasname> -keystore /etc/vmware/vcf/commonsvcs/trusted_certificates.store -storepass <trust store key>

keytool -list -v -alias <aliasname> -keystore /etc/alternatives/jre/lib/security/cacerts -storepass changeit

Command to add a cert to the SDDC Manager keystores:

keytool -importcert -alias <aliasname> -file <certificate file> -keystore /etc/vmware/vcf/commonsvcs/trusted_certificates.store -storepass <trust store key>

keytool -importcert -alias <aliasname> -file <certificate file> -keystore /etc/alternatives/jre/lib/security/cacerts -storepass changeit
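
One way to wrap the import command above so that keytool reads the store password from the key file itself (`-storepass:file`) instead of taking it on the command line, and so that the store is copied and the certificate is displayed before it is trusted. This is an added example, not VMware's code; the function names are hypothetical, and it assumes the `.key` file contains only the password on its first line.

```shell
#!/bin/sh
# Added example, not VMware's code. Function names are hypothetical.
# Assumption: the .key file contains only the store password on its first line.
STORE=/etc/vmware/vcf/commonsvcs/trusted_certificates.store
PASSFILE=/etc/vmware/vcf/commonsvcs/trusted_certificates.key

# alias_exists STORE PASSFILE ALIAS: succeeds if ALIAS is already in the store.
# -storepass:file makes keytool read the password itself, so it never appears
# in the process list or shell history.
alias_exists() {
    keytool -list -alias "$3" -keystore "$1" -storepass:file "$2" >/dev/null 2>&1
}

# backup_store STORE: copies the store next to itself and prints the copy's path.
backup_store() {
    bak="$1.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$1" "$bak" && echo "$bak"
}

# safe_import STORE PASSFILE ALIAS CERTFILE
# Returns 2 unreadable cert, 3 alias taken, 4 backup failed, 5 cert not parseable.
safe_import() {
    store=$1; passfile=$2; name=$3; cert=$4
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
    if alias_exists "$store" "$passfile" "$name"; then
        echo "alias '$name' already in $store; nothing changed" >&2
        return 3
    fi
    bak=$(backup_store "$store") || { echo "backup of $store failed" >&2; return 4; }
    echo "backup written to $bak"
    # Print owner, issuer, validity and fingerprints so they can be compared
    # with the value obtained from the CA before the certificate is trusted.
    keytool -printcert -file "$cert" || return 5
    # No -noprompt: keytool still asks for confirmation before adding trust.
    keytool -importcert -alias "$name" -file "$cert" \
        -keystore "$store" -storepass:file "$passfile"
}

# Usage: sh this_script.sh <aliasname> <certificate file>
if [ "$#" -eq 2 ]; then
    safe_import "$STORE" "$PASSFILE" "$1" "$2"
fi
```

The file copy made by `backup_store` is in addition to the VM snapshot, not a replacement for it.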

Command to remove a certificate from the SDDC Manager keystores:

keytool -delete -alias <aliasname> -keystore /etc/vmware/vcf/commonsvcs/trusted_certificates.store -storepass <trust store key>

keytool -delete -alias <aliasname> -keystore /etc/alternatives/jre/lib/security/cacerts -storepass changeit

Additional Information

Impact/Risks:
MODERATE - These commands change the certificates stored in the trusted keystores. It is imperative to take a snapshot of the SDDC Manager VM prior to making any changes.