Generating the Java credential keystore
To generate the Java™ credential keystore, obtain the VMware ESX(i) Server certificates and then set the credential as the keystore path.
Procedure
Complete the following steps to generate the Java credential keystore:
- Obtain the VMware ESX(i) Server or vCenter Server certificate by using the vSphere client, the Secure Shell client application, or a web browser.
- To obtain VMware ESX(i) Server or vCenter Server certificates by using the vSphere client, create a root-level directory for the certificates. For example, C:\VMware-Certs
- Install the vSphere client if not already installed.
- Start the vSphere client and click to the VMware ESX, ESXi, or vCenter Server web server. A message about certifying authority for the certificate is displayed.
- Click View Certificate to show the certificate properties page. See Table 1 for an example of the certificate properties page.
- Click the Details tab.
- Click Copy to File to start the Certificate Export wizard.
- Select DER encoded binary X.509 (the default) and click Next.
- Click Browse and find the C:\VMware-Certs subdirectory.
- Enter a certificate name that identifies the server to which the certificate belongs. For example, C:\VMware-Certs\<server name>.cer
- To obtain server certificates by using the Secure Shell client application, connect to the VMware ESX system with a Secure Sockets Layer (SSL) client.
  Note: Remote connections to the VMware ESX service console as root are effectively disabled. To obtain the certificate, you must connect as another user with privileges on the server.
Table 1. Server certificate file names and locations of the VMware ESX(i) and vCenter servers

| Server | Directory location for certificate | Certificate |
|---|---|---|
| VMware ESXi 5.0, 5.1, 5.5, 6.0, 6.5 | /etc/vmware/ssl/ | rui.crt |
| vCenter Server 5.0, 5.1, 5.5, 6.0 | C:\Documents and Settings\All Users\Appications | rui.crt |

- Copy the certificates from the server to the certificate subdirectory. Use a unique file name for the certificate (assuming that you are copying multiple default certificates from multiple VMware ESX systems).
- To obtain server certificates by using a web browser, enter the following URL in a web browser to access the web service of the VMware ESX(i) Server or vCenter Server: https://9.11.110.240/
- If you receive a message about the security certificate, select Continue to this website (not recommended).
- On the toolbar, click Certificate Error and, in the Certificate Invalid window, click View certificates.
- In the Certificate window, select the Details tab.
- Click Copy to File and follow the Certificate Export Wizard with the default option to save the certificate.
- Create a directory for the Java keystore. For example, C:\VMware
- Use the Java keytool utility to import a certificate. The syntax is:
    keytool.exe -import -file <certificate-filename> -alias <server-name> -keystore vmware.keystore
  For example:
    "C:\Program Files\IBM\Hardware Provider for VSS-VDS\jre\bin\keytool.exe" -import -file C:\tools\rui.crt -keystore C:\VMware\vmware.keystore
- When prompted for a keystore password, enter a password.
  The keystore utility shows the certificate information at the console. The following example shows the certificate information:
    Owner: OID.1.2.840.113549.1.9.2="1301079258,564d7761726520496e632e", CN=cimxa.ibm.com, EMAILADDRESS=ss1-certificates@vmware.com, OU=VMware ESX Server Default Certificate, O="VMware, Inc", L=Palo Alto, ST=California, C=US
    Issuer: O=VMware Installer
    Serial number: 7730362f66385863
    Valid from: 3/25/13 7:45 PM until 9/23/24 8:54 PM
    Certificate fingerprints:
      MD5: 58:A3:A3:D4:D8:E0:CE:63:6B:B7:7F:4E:3E:6B:71:9D
      SHA1: 8B:60:B9:08:32:33:06:11:47:7D:6D:B6:B4:D1:D5:F9:78:D2:15:5F
      SHA256: 59:1B:A2:BE:D0:BC:04:1B:CE:62:B8:95:07:52:3E:54:69:76:10:A1:
              85:A6:A8:5A:C0:DB:45:79:46:FB:72:82
    Signature algorithm name: SHA1withRSA
    Version 3
  At the end of the certificate information, a prompt shows a request for confirmation that the certificate is trusted.
    Trust this certificate? [no]:
- Type yes and press <Enter> to respond to the prompt and import the certificate into the vmware.keystore keystore.
The console shows the following message:
Certificate was added to keystore
- To set the vmcredential as the vmware.keystore path, issue the following command:
    ibmvcfg set vmcredential "C:\VMware\vmware.keystore"
- Issue the ibmvcfg showcfg command to verify that the configuration is correctly saved. The following example output is from the ibmvcfg showcfg command:
    cimomHost: 9.115.246.54
    cimomPort: 5989
    username <cimom>: superuser
    usingSSL: true
    vssFreeInitiator: 500000000000000c0
    vssReservedInitiator: 500000000000000c1
    backgroundCopy: 50
    targetSVC:
    incrementalFC: false
    cimomTimeout: 0
    rescanOnceArr: 0
    rescanOnceRem: 0
    rescanRemMin: 0
    rescanRemMax: 45
    storageProtocol: auto
    storagePool: test_pool_1
    allocateOption: standard
    ioGroup: io_grp0
    vmhost: https://9.115.247.103/sdk
    vmusername: root
    vmcredential: C:\vmware103.keystore
    vmtimeout: 600000
  Note: After the configuration is set, the service must be restarted using the following commands in order for the configuration to take effect:
    net stop vss
    net stop ibmvss
  The above commands will stop both VSS VDS and the IBM VSS HW Provider. Both services will start automatically in later use.
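Before answering yes at the Trust this certificate? prompt, the SHA256 fingerprint that keytool prints can be compared with a value read from the server over a trusted channel. The Python script below is an added example, not part of the original procedure or of IBM's tooling: its function names are hypothetical, it assumes the expected fingerprint was obtained out-of-band (for example at the host console), and it accepts both the DER export and a PEM-encoded rui.crt.

```python
import base64
import binascii
import hashlib
import hmac
import re
import sys

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def cert_der_bytes(data: bytes) -> bytes:
    """Return DER bytes from a PEM (rui.crt) or DER (.cer export) file body."""
    m = PEM_RE.search(data)
    if m is None:
        return data  # no PEM armor found: treat the input as DER already
    try:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    except binascii.Error as exc:
        raise ValueError("corrupt PEM body") from exc


def keytool_fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, formatted like keytool: AA:BB:..."""
    digest = hashlib.sha256(cert_der_bytes(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 64, 2))


def normalize(fp: str) -> str:
    """Strip colons, whitespace and case so wrapped console output compares."""
    hexonly = re.sub(r"[\s:]", "", fp).upper()
    if not re.fullmatch(r"[0-9A-F]{64}", hexonly):
        raise ValueError("expected a 32-byte SHA-256 fingerprint")
    return hexonly


def fingerprint_matches(data: bytes, expected: str) -> bool:
    """True only if the file's fingerprint equals the out-of-band value."""
    return hmac.compare_digest(normalize(keytool_fingerprint(data)),
                               normalize(expected))


if __name__ == "__main__":
    # usage: python check_fp.py <certificate-file> "<fingerprint from host>"
    with open(sys.argv[1], "rb") as fh:
        ok = fingerprint_matches(fh.read(), sys.argv[2])
    print("fingerprint matches" if ok else "MISMATCH: do not import")
    sys.exit(0 if ok else 1)
```

The script hashes the certificate's DER bytes only, so a PEM copy taken from the server and a DER export of the same certificate produce the same fingerprint.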