Configuring vCenter CA Certificates on the NetBackup primary server
For NetBackup 10.0.1 and later, a vCenter CA certificate is automatically added to truststoreVWCP. If there are multiple certificates configured in the vCenter, only the certificate that is issued to and issued by Certificate Authority is added to the truststoreVWCP. If the vCenter CA certificate is not added automatically then follow the steps to add it manually:
To configure vCenter CA Certificates on the NetBackup primary server
- Download the vCenter CA certificates from the following URL:
https://vCenter IP/FQDN/certs/download.zip
NetBackup validates VMware virtualization server certificates using their root or intermediate certificate authority (CA) certificates.
- Extract the contents of a zip file to any local location.
- Get the
storepassfromVeritas/NetBackup/var/global/jkskey. - Update and run the following command:
Windows
C:\program files\veritas\NetBackup\jre\bin\keytool -storetype BCFKS -providerpath "C:\program files\veritas\NetBackup\wmc\webserver\lib\ccj.jar" -providerclass com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider -importcert -file C:\lab_systems\download\certs\win\dbabbe1a.0 -keystore "C:\program files\veritas\NetBackup\var\global\wsl\credentials\ truststoreVWCP.bcfks" -storepass 51570256d4919d9b -alias VMwarrCA
Linux
/usr/openv/java/jre/bin/keytool -storetype BCFKS -keystore truststoreVWCP.bcfks -providerpath /usr/openv/wmc/webserver/lib/ccj-3.0.1.jar -providerclass com.safelogic.cryptocomply.jcajce.provider.CryptoComplyFipsProvider -storepass:file /usr/openv/var/global/jkskey -importcert -file /certs/f668ef66.0 -alias VMwareCA2