Merging tcserver.truststore with cacerts in vRealize Operations Manager 6.4 and 6.5

Article ID: 342724

Products

VMware Aria Suite

Issue/Introduction

Symptoms:
Some third-party Management Packs for vRealize Operations Manager 6.4 and 6.5 require additional certificates to be placed in the Java environment. Verification of these certificates fails if their certificate authority is not part of the vRealize Operations Manager trust store.


Environment

VMware vRealize Operations Manager 6.4.x
VMware vRealize Operations Manager 6.5.x

Cause

Resolution

To resolve the issue, tcserver.truststore must be merged with the default JRE trust store. This can be done with a script or manually.

Resolve using a script

  1. Download the attached merge.sh file.
  2. Copy the merge.sh file to the /tmp directory on the affected vRealize Operations Manager node using an SCP utility.
  3. Log in to the affected vRealize Operations Manager node as root via SSH or console.
  4. Add execute permission to merge.sh:

    chmod +x /tmp/merge.sh

  5. Run merge.sh with the command:

    /tmp/merge.sh

Resolve manually

  1. Log in to the affected vRealize Operations Manager node as root through SSH or the console.
  2. Change to the /data/vcops/user/conf/ssl directory by running the command:

    cd /data/vcops/user/conf/ssl

  3. Back up the tcserver.truststore file:

    cp /data/vcops/user/conf/ssl/tcserver.truststore /data/vcops/user/conf/ssl/tcserver.truststore.old

  4. Copy the JRE default trust store to the /data/vcops/user/conf/ssl directory:

    cp $VMWARE_JAVA_HOME/lib/security/cacerts /data/vcops/user/conf/ssl

  5. View the storePass.properties file:

    cat /data/vcops/user/conf/ssl/storePass.properties

  6. Note the password after ssltruststorePassword=.

    Example: ssltruststorePassword=ulUL1Dx9+f6VcEQa0fNGR8BPeJT4ap

  7. Run the following command and note the alias names.

    keytool -storepass "truststorePassword" -list -v -keystore tcserver.truststore | grep "Alias name\|Creation date"


    Note: Replace truststorePassword with the password found in step 6.

    Example: keytool -storepass "ulUL1Dx9+f6VcEQa0fNGR8BPeJT4ap" -list -v -keystore tcserver.truststore | grep "Alias name\|Creation date"

  8. Run the following command to copy the certificates from tcserver.truststore to the copied JRE trust store.

    keytool -importkeystore -srckeystore tcserver.truststore -destkeystore cacerts -srcalias alias -destalias alias


    Note: Replace alias with one of the alias names found in step 7.

    Example: keytool -importkeystore -srckeystore tcserver.truststore -destkeystore cacerts -srcalias vmwarespc -destalias vmwarespc

  9. When prompted for the destination keystore password, enter changeit.
  10. When prompted for the source keystore password, enter the truststore password found in step 6.
  11. Repeat steps 8-10 for all alias names found in step 7.
  12. Run the following command to remove tcserver.truststore and replace it with cacerts.

    rm /data/vcops/user/conf/ssl/tcserver.truststore; mv /data/vcops/user/conf/ssl/cacerts /data/vcops/user/conf/ssl/tcserver.truststore

  13. Run the following command to change the password of the new tcserver.truststore file:

    keytool -storepasswd -keystore tcserver.truststore

  14. When prompted for the password, enter changeit.
  15. When prompted for the new password, enter the password found in step 6.
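A check worth running between steps 11 and 12, before the original tcserver.truststore is removed, is to confirm that every alias from it landed in the copied cacerts with the same certificate. The following is an added example, not the attached merge.sh or any VMware code; it compares two saved `keytool -list -v` listings, and the function names, file names and sample listings are constructed for illustration.

```bash
#!/bin/sh
# Added example (not VMware's merge.sh). Save the two listings first, using
# the keytool options from step 7:
#   keytool -storepass "truststorePassword" -list -v -keystore tcserver.truststore > src.txt
#   keytool -storepass changeit -list -v -keystore cacerts > dest.txt

# entries TAG FILE: print "TAG<TAB>alias<TAB>sha256" for each keystore entry.
entries() {
    awk -v tag="$1" '
        /^Alias name: / { alias = substr($0, 13); next }
        /SHA256: / && alias != "" {
            fp = $0; sub(/^.*SHA256: */, "", fp)
            printf "%s\t%s\t%s\n", tag, alias, fp
            alias = ""   # only the first certificate of an entry is compared
        }' "$2"
}

# missing_entries SRC_LISTING DEST_LISTING
# Prints "alias<TAB>sha256" for every source entry that is absent from the
# destination, or present under the same alias with a different fingerprint.
missing_entries() {
    { entries D "$2"; entries S "$1"; } | awk -F '\t' '
        { key = $2 FS $3 }
        $1 == "D" { have[key] = 1; next }
        !(key in have) { print key }' | sort
}

# Constructed sample listings (shortened fingerprints; aliases other than
# vmwarespc are hypothetical). The merged store is missing mp_vendor_ca.
sample_listings() {
    cat > "$1/src.txt" <<'EOF'
Alias name: vmwarespc
Creation date: Jan 10, 2017
Entry type: trustedCertEntry
Signature algorithm name: SHA256withRSA
     SHA256: AA:BB:CC
Alias name: mp_vendor_ca
Entry type: trustedCertEntry
     SHA256: DD:EE:FF
EOF
    cat > "$1/dest.txt" <<'EOF'
Alias name: digicertglobalrootca
     SHA256: 01:02:03
Alias name: vmwarespc
     SHA256: AA:BB:CC
EOF
}
```

Empty output from `missing_entries src.txt dest.txt` means every source entry is present in the merged store; any line printed names an alias to re-import with step 8 before continuing to step 12.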


Attachments

merge.sh