Generating the Java credential keystore

To generate the Java credential keystore, obtain the ESX(i) Server certificates and then set the credential as the keystore path.

Procedure

  1. Obtain the ESX(i) Server or vCenter Server certificate using the vSphere client, the Secure Shell client application, or Internet Explorer. To obtain ESX(i) Server or vCenter Server certificates using the vSphere client, create a root-level directory for the certificates. For example, C:\VMware-Certs.
    1. Install the vSphere client if not already installed.
    2. Start the vSphere client and navigate to the ESX, ESXi, or vCenter Server web server. A message displays regarding the certifying authority for the certificate.
    3. Click View Certificate to display the certificate properties page.
    4. Click the Details tab.
    5. Click Copy to File... to start the Certificate Export wizard.
    6. Select DER encoded binary X.509 (the default) and click Next.
    7. Click Browse... and navigate to the C:\VMware-Certs subdirectory.
    8. Enter a certificate name that identifies the server to which the certificate belongs. For example, (userinput) C:\VMware-Certs\<server name>.cer
  2. To obtain server certificates using the Secure Shell client application, connect to the ESX system using an SSL client.
    Note: Remote connections to the ESX service console as root are effectively disabled. To obtain the certificate, you must connect as another user with privileges on the server.
    Table 1. Server certificate file names and locations of the ESX(i) and vCenter servers
    Server Directory location for certificate Certificate
    ESX(i) 4.x, 5.0 /etc/vmware/ssl/ rui.crt
    vCenter Server 4.x, 5.0 C:\Documents and Settings\All Users\Appications rui.crt
    1. Copy the certificates from the server to the certificate subdirectory, using a unique file name for the certificate (assuming you are copying multiple default certificates from multiple ESX systems, for example).
  3. To obtain server certificates using Internet Explorer, type the following URL to access the web service of the ESX(i) Server or vCenter Server: https://9.11.110.240/
    1. If you receive a message about the security certificate, select Continue to this website (not recommended).
    2. On the toolbar, click Certificate Error and, in the Certificate Invalid window, click View certificates.
    3. In the Certificate window, select the Details tab.
    4. Click Copy to File and follow the Certificate Export Wizard with the default option to save the certificate.
    5. Create a directory for the Java keystore. For example, C:\VMware
    6. Use the Java keytool utility to import a certificate. The syntax is keytool -import -file <certificate-filename> -alias <server-name> -keystore vmware.keystore For example: 
      C:\Program Files\IBM\Hardware Provider for VSS-vDS\jre\bin\keytool.exe –import –file 
C:\tools\rui.crt –keystore C:\VMware\vmware.keystore
    7. When prompted for a keystore password, type a password.
    8. The keystore utility displays the certificate information at the console. For example:
      Figure 1. Certificate information
      This image illustrates certificate information
    9. At the end of the certificate information, a prompt displays a request for confirmation that the certificate is trusted: 
      Trust this certificate? [No}
    10. Type yes and press <Enter> to respond to the prompt and import the certificate into the vmware.keystore keystore. The console displays this message: 
      Certificate was added to keystore
  4. To set the vmcredential as the vmware.keystore path, type ibmvcfg set vmcredential "C:\VMware\vmware.keystore
  5. Type ibmvcfg showcfg to verify that the configuration is correctly saved:
    Figure 2. Verifying the configuration was saved
    This image illustrates verification that the configuration was saved correctly.