July 18th, 2014 14:00

Importing Authentication Certificate from vCenter to MCS

Hi, I am in the process of configuring image level backups with our VMware environment. I have been following the configuration document and would prefer to go this route because I don't know if setting the mcserver.xml to ignore the cert will have any repercussions on our other vCenter activated with Avamar.

In the process of importing the cert I have found and copied the cert from the vCenter server into the /tmp/ of the utility node and created the temporary version of the MCS keystore.

At this point I input the following command to add the vCenter cert into the temporary MCS keystore using this command:

cd /tmp /usr/java/jre1.7.0_21/bin/keytool -import -file rui.crt -alias rui.crt -keystore rmi_ssl_keystore

Once I hit enter to import, it seems to take it, as no errors are produced and it doesn't say anything else; however, it does not prompt me if I want to trust the certificate.

I continued on without the prompt and copied the temp keystore to the live location and restarted MCS, and at that point tried to add my vCenter as a new client and received the error that it failed to find a valid certification path to the vCenter.

Is there a piece I am missing to get it to prompt me to trust that cert? Or with the other method of configuring it to ignore the cert will that affect our other vCenter currently joined to Avamar?

Thanks

117 Posts

July 21st, 2014 01:00

Hello,

I just tested with "cd /tmp /usr/java/jre1.7.0_21/bin/keytool -import -file rui.crt -alias rui.crt -keystore rmi_ssl_keystore" and indeed I was NOT prompted to trust the certificate. It looks like this may be due to a typo.

There are in fact two commands on the one line; the two commands should be:

     cd /tmp


     /usr/java/jre1.7.0_21/bin/keytool -import -file rui.crt -alias rui.crt -keystore rmi_ssl_keystore

Please try running the above commands.

Note that this should also work with a ";" between the two commands:

     cd /tmp; /usr/java/jre1.7.0_21/bin/keytool -import -file rui.crt -alias rui.crt -keystore rmi_ssl_keystore

The manual does appear to put the command on two different lines; if you have feedback about the manual, please let me know.

To answer your second question, if you set up MCS to ignore vCenter certification errors, we cannot be 100% sure we are connecting up to the correct vCenter, which may be acceptable in a lab environment, but for a production environment EMC strongly recommends you set up the correct authentication certificate.

Thanks

Adam

58 Posts

April 20th, 2017 11:00

Hi,

I'm having a similar issue however after entering the command of "cd /tmp; /usr/java/jre1.8.0_66/bin/keytool -import -file rui.crt -alias rui.crt -keystore rmi_ssl_keystore"

I get an Illegal options error.

Illegal option:  ???import

Key and Certificate Management Tool

2K Posts

April 20th, 2017 12:00

It looks like you have some kind of special dash character instead of the ASCII dash. If you copied and pasted from a document (e.g. a word document or PDF), it may be an "en dash" instead of the dash on the keyboard. Try replacing the dash with - and the command should complete successfully.

5 Posts

April 21st, 2017 02:00

Are you logging in as root?


58 Posts

April 21st, 2017 13:00

Turns out there is an error in the Avamar 7.2 for VMware guide, page 26.

It says to use $JAVA_HOME/bin/keytool –import –file rui.crt -alias alias -keystore rmi_ssl_keystore
However, the correct parameters are $JAVA_HOME/bin/keytool -importcert -file rui.crt -alias _rui.crt -srckeystore rmi_ssl_keystore

Once I used these second parameters I was prompted for a keystore password as I was supposed to.

2K Posts

April 21st, 2017 14:00

If you look at what you pasted in from the guide, there is an "em dash" in the command line where there should be a regular dash. That is what caused the message in your previous post.

The -import flag was renamed to -importcert in Java 6 but the old flag is still supported:

All previous commands (both renamed and obsolete) are still supported in this release and will continue to be supported in future releases. The following summarizes all of the changes made to the keytool command interface:

Renamed commands:

keytool - Key and Certificate Management Tool
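
Added example (not part of the thread or the Avamar guide): a POSIX shell lint for the two paste mistakes diagnosed above, a typographic dash in place of `-` and `cd /tmp` fused with the keytool command on one line. The function names `ascii_dashes` and `check_pasted_cmd` are hypothetical.

```shell
#!/bin/sh
# Added example: lint a pasted command line before running it against a
# keystore. Function names are hypothetical, not part of Avamar or keytool.

# Print the line with typographic dashes (U+2010..U+2015, U+2212)
# replaced by the ASCII '-'.
ascii_dashes() {
    _script=
    # UTF-8 byte sequences written in octal so this file stays pure ASCII.
    for _seq in '\342\200\220' '\342\200\221' '\342\200\222' \
                '\342\200\223' '\342\200\224' '\342\200\225' '\342\210\222'; do
        _script="${_script}s/$(printf "$_seq")/-/g;"
    done
    printf '%s\n' "$1" | LC_ALL=C sed "$_script"
}

# Return 0 if the line passes both checks, 1 otherwise; reasons go to stderr.
check_pasted_cmd() {
    _cmd=$1
    _rc=0
    # 1. Whatever survives deleting printable ASCII is a byte that keytool
    #    will not read as the character it looks like ("Illegal option").
    _odd=$(printf '%s' "$_cmd" | LC_ALL=C tr -d ' -~')
    if [ -n "$_odd" ]; then
        echo "non-ASCII bytes found; did you mean: $(ascii_dashes "$_cmd")" >&2
        _rc=1
    fi
    # 2. 'cd DIR' followed by more words with no separator means two
    #    commands were pasted onto one line, so keytool never runs.
    case $_cmd in
        *';'*|*'&&'*) ;;
        'cd '*' '*)
            echo "cd has extra arguments; missing ';' or a newline?" >&2
            _rc=1 ;;
    esac
    return $_rc
}
```

A non-ASCII byte anywhere in the line (for example in a path) is also flagged, which is the conservative choice for a command that modifies a trust store.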
