Expiring passthrough certificate on vIDM server

Article ID: 393203


Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

When viewing the System Dashboard page within vIDM, the passthrough certificate shows as expired or expiring soon.

Environment

Identity Manager 3.3.7

Cause

A passthrough certificate was added at some point but was never used, so the goal is to remove it rather than just replace it with a new certificate.

Resolution

If your vIDM servers are installed in a DMZ and Certificate Authentication is configured as per our documentation, just replace the certificate with a newly issued certificate.

Installing a Passthrough Certificate

Deploying VMware Identity Manager in the DMZ

If a DMZ install with Certificate Authentication is not being used, but a Passthrough Certificate was added at some point and you just want to remove it, follow the instructions below:

** NOTE **

  • This process is individual to each server and would have to be executed against each of them in a clustered environment.
  • Make sure you have snapshots or backups of the servers prior to making any changes to the environment.

  1. Log in to the vIDM server using SSH and get to a root-level Bash prompt

  2. Use this command to confirm the certificate is in place:
    keytool -list -v -keystore /opt/vmware/horizon/workspace/conf/tcserver.keystore -storetype BCFKS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath /opt/vmware/certproxy/lib/bc-fips-*.jar -storepass "$(grep keystore.password /opt/vmware/horizon/workspace/conf/catalina.properties | awk -F '=' '{print $2}')"



  3. Once it is confirmed that the certificate is present, use this command to delete the passthrough certificate:
    keytool -delete -keystore /opt/vmware/horizon/workspace/conf/tcserver.keystore -storetype BCFKS -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider -providerpath /opt/vmware/certproxy/lib/bc-fips-*.jar -storepass "$(grep keystore.password /opt/vmware/horizon/workspace/conf/catalina.properties | awk -F '=' '{print $2}')" -alias passthrough

  4. Repeat for each server that has the Passthrough Certificate installed.

  5. Confirm the certificate is gone by running the command from Step 2 again, then verify it shows as being cleared out on the System Dashboard and in the Passthrough Certificate tab for the appliance.
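
Steps 2 through 5 for a single node, combined into one guarded script that checks for the alias, shows its expiry, copies the keystore, deletes the alias and re-checks. This is an added example, not part of the original article or of VMware's tooling: the keystore path and keytool options are those from Steps 2 and 3, while the function names, the timestamped `.bak` copy and the sample listing are assumptions of the example.

```sh
#!/bin/sh
# Added example: guarded removal of the "passthrough" alias on ONE vIDM node.
# Keystore path and keytool options come from Steps 2 and 3; function names and
# the .bak naming are assumptions. Assumes keytool prints English labels.
KS=/opt/vmware/horizon/workspace/conf/tcserver.keystore
PROPS=/opt/vmware/horizon/workspace/conf/catalina.properties

kt() {  # keytool with the BCFKS provider options used in the article
  keytool "$@" -keystore "$KS" -storetype BCFKS \
    -providerclass org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider \
    -providerpath /opt/vmware/certproxy/lib/bc-fips-*.jar \
    -storepass "$(grep keystore.password "$PROPS" | awk -F '=' '{print $2}')"
}

# stdin: `keytool -list -v` output; stdout: "alias<TAB>expiry" of each entry's
# first (leaf) certificate, so chain certificates are not mistaken for it.
alias_expiry() {
  awk '/^Alias name: / { a = substr($0, 13) }
       /^Valid from: / && a != "" { sub(/^.* until: /, ""); print a "\t" $0; a = "" }'
}
# stdin: same listing; succeeds only on an exact alias match.
has_alias() { alias_expiry | cut -f1 | grep -qxF -- "$1"; }

remove_passthrough() {
  listing=$(kt -list -v) || return 1
  if ! printf '%s\n' "$listing" | has_alias passthrough; then
    echo "no passthrough alias in $KS; nothing to do"; return 0
  fi
  printf '%s\n' "$listing" | alias_expiry | awk -F '\t' '$1 == "passthrough"'
  cp -p "$KS" "$KS.bak.$(date +%Y%m%d%H%M%S)" || return 1  # file copy on top of the snapshot
  kt -delete -alias passthrough || return 1
  if kt -list -v | has_alias passthrough; then
    echo "passthrough alias still present" >&2; return 1
  fi
  echo "passthrough alias removed from $KS"
}

sample_listing() {  # constructed keytool output, not from a real appliance
  cat <<'EOF'
Alias name: passthrough
Valid from: Mon Jan 02 10:00:00 UTC 2023 until: Tue Jan 02 10:00:00 UTC 2024
Alias name: other-entry
Certificate[1]:
Valid from: Wed Mar 01 00:00:00 UTC 2023 until: Sat Mar 01 00:00:00 UTC 2025
Certificate[2]:
Valid from: Fri Jan 01 00:00:00 UTC 2016 until: Thu Jan 01 00:00:00 UTC 2026
EOF
}
if [ "${1:-}" = "--remove" ]; then remove_passthrough; else sample_listing | alias_expiry; fi
```

Run without arguments it only parses the constructed sample; with `--remove` as root on the appliance it acts on that node's keystore, and Step 4 still applies for every other node.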