Merging tcserver.truststore with cacerts in vRealize Operations Manager 6.4 and 6.5
Article ID: 342724
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
Some third-party Management Packs for vRealize Operations Manager 6.4 and 6.5 require additional certificates to be placed in the Java environment. Verification of these certificates fails if the certificate authority for these certificates is not part of the vRealize Operations Manager trust store.
Environment
VMware vRealize Operations Manager 6.4.x
VMware vRealize Operations Manager 6.5.x
Resolution
To resolve the issue, tcserver.truststore must be merged with the default JRE trust store. This can be done with a script or manually.
Resolve using a script

1. Download the attached merge.sh file.
2. Copy the merge.sh file to the /tmp location on the affected vRealize Operations Manager node using an SCP utility.
3. Log in to the affected vRealize Operations Manager node as root via SSH or console.
4. Add execute permission to merge.sh:
   chmod +x /tmp/merge.sh
5. Execute merge.sh by running the command:
   /tmp/merge.sh

Resolve manually

1. Log in to the affected vRealize Operations Manager node as root through SSH or console.
2. Change to the /data/vcops/user/conf/ssl directory by running the command:
   cd /data/vcops/user/conf/ssl
3. Back up the tcserver.truststore file:
   cp /data/vcops/user/conf/ssl/tcserver.truststore /data/vcops/user/conf/ssl/tcserver.truststore.old
4. Copy the JRE default trust store to the /data/vcops/user/conf/ssl directory:
   cp $VMWARE_JAVA_HOME/lib/security/cacerts /data/vcops/user/conf/ssl
5. View the storePass.properties file:
   cat /data/vcops/user/conf/ssl/storePass.properties
6. Note the password after ssltruststorePassword=.
   Example: ssltruststorePassword=ulUL1Dx9+f6VcEQa0fNGR8BPeJT4ap
7. Run the following command and note the alias names:
   keytool -storepass "truststorePassword" -list -v -keystore tcserver.truststore | grep "Alias name\|Creation date"
   Note: Replace truststorePassword with the password found in step 6.
   Example: keytool -storepass "ulUL1Dx9+f6VcEQa0fNGR8BPeJT4ap" -list -v -keystore tcserver.truststore | grep "Alias name\|Creation date"
8. Run the following command to copy the certificates from tcserver.truststore to the copied JRE trust store:
   keytool -importkeystore -srckeystore tcserver.truststore -destkeystore cacerts -srcalias alias -destalias alias
   Note: Replace alias with one of the alias names found in step 7.
   Example: keytool -importkeystore -srckeystore tcserver.truststore -destkeystore cacerts -srcalias vmwarespc -destalias vmwarespc
9. When prompted for the destination keystore password, enter changeit.
10. When prompted for the source keystore password, enter the truststore password found in step 6.
11. Repeat steps 8-10 for all alias names found in step 7.
12. Run the following command to remove tcserver.truststore and replace it with cacerts:
   rm /data/vcops/user/conf/ssl/tcserver.truststore; mv /data/vcops/user/conf/ssl/cacerts /data/vcops/user/conf/ssl/tcserver.truststore
13. Run the following command to change the password of the new tcserver.truststore file:
   keytool -storepasswd -keystore tcserver.truststore
14. When prompted for the password, enter changeit.
15. When prompted for the new password, enter the password found in step 6.
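
The alias loop in manual steps 6 to 11 can be scripted and checked as shown below. This is an added example, not the attached merge.sh and not VMware's code; the function names and the --run switch are hypothetical, and it supplies the passwords through keytool's :env modifier instead of typing them at the prompts.

```shell
#!/bin/sh
# Added example, not the attached merge.sh. Paths and "changeit" come from the article.
SSL_DIR=/data/vcops/user/conf/ssl

# Step 6: print the value after ssltruststorePassword= in a properties file.
read_truststore_password() {
    sed -n 's/^ssltruststorePassword=//p' "$1" | head -n 1
}

# Step 7: read `keytool -list -v` output on stdin, print one alias per line.
list_aliases() {
    sed -n 's/^Alias name: //p'
}

# Print every alias in list $1 that is absent from list $2 (one alias per line).
missing_aliases() {
    printf '%s\n' "$1" | while IFS= read -r a; do
        [ -n "$a" ] || continue
        printf '%s\n' "$2" | grep -Fxq -- "$a" || printf '%s\n' "$a"
    done
}

# Steps 7-11: import each alias, then confirm that all of them arrived.
merge_truststore() {
    SRC_PASS=$(read_truststore_password "$SSL_DIR/storePass.properties")
    DEST_PASS=changeit
    # :env makes keytool read the password from the named variable, so it
    # does not appear in the process argument list or the shell history.
    export SRC_PASS DEST_PASS
    src=$(keytool -list -v -keystore "$SSL_DIR/tcserver.truststore" \
        -storepass:env SRC_PASS | list_aliases)
    [ -n "$src" ] || { echo "no aliases read from tcserver.truststore" >&2; return 1; }
    printf '%s\n' "$src" | while IFS= read -r alias; do
        keytool -importkeystore \
            -srckeystore "$SSL_DIR/tcserver.truststore" -srcstorepass:env SRC_PASS \
            -destkeystore "$SSL_DIR/cacerts" -deststorepass:env DEST_PASS \
            -srcalias "$alias" -destalias "$alias" </dev/null ||
            echo "import failed: $alias" >&2
    done
    dest=$(keytool -list -v -keystore "$SSL_DIR/cacerts" \
        -storepass:env DEST_PASS | list_aliases)
    missing=$(missing_aliases "$src" "$dest")
    [ -z "$missing" ] || { echo "not imported: $missing" >&2; return 1; }
}

# Runs only when called with --run, after manual steps 1-4 (backup and cacerts copy).
if [ "${1:-}" = "--run" ]; then merge_truststore; fi
```

Run it only after the backup in step 3 exists, and continue with step 12 only if it exits with status 0.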