Table of ContentsView in Frames

Replacing an SSL certificate for VSC for VMware vSphere with CA-signed certificates

Virtual Storage Console (VSC) supports replacing self-signed SSL certificates for ports 8143 and 8043 with CA-signed certificates. If you replace or update an SSL certificate for VSC, by default the SSL certificate is updated for both the ports.

About this task

Also, if you are using the VSC backup and restore features for these ports, you must replace the SSL certificate. The certificate that you replace uses a stronger algorithm.

Steps

  1. Stop the vsc service.
    Virtual Storage Console for VMware vSphere Server
  2. Create a new certificate request to send it to the Certificate Authority (CA): C:\Program Files\NetApp\Virtual Storage Console>jre\bin\keytool.exe -certreq -alias nvpf -keystore etc\nvpf.keystore -file etc\myNewCertRequest.csr
  3. After the CA returns the signed certificate and the CA certificate, place them in the C:\program files\netapp\virtual storage console\etc\ directory.
    The signed certificate is newSignedCert.crt and the CA certificate is meCACert.crt.
  4. Import the CA certificate into the keystore: C:\Program Files\NetApp\Virtual Storage Console>jre\bin\keytool.exe -import -trustcacerts -alias root -file etc\meCACert.crt -keystore etc\nvpf.keystore
  5. Import the signed certificate for port 8143: C:\Program Files\NetApp\Virtual Storage Console>jre\bin\keytool.exe -import -trustcacerts -alias nvpf -file etc\newSignedCert.crt -keystore etc\nvpf.keystore
  6. Replace the certificates for port 8043 with the ones that are CA-signed:
    1. Stop the smvi service.
      NetApp SnapManager for Virtual Infrastructure
    2. Copy the following keys and values from the keystore.properties file at C:\Program Files\NetApp\Virtual Storage Console\etc:
      • http.ssl.key.password
      • http.ssl.keystore.file
      • http.ssl.keystore.password
    3. Paste the copied keys to the smvi.override file at C:\Program Files\NetApp\Virtual Storage Console\smvi\server\etc.
    4. Comment out the http.ssl.keystore.file=etc\\smvi.keystore entry.
      Note: If the smvi.override file does not exist, create a file as smvi.override at that location, and then add those keys.
    5. Restart the smvi service.
  7. Restart the vsc service.