Share the knowledge: Change Keystore and Truststore Passwords of the vSphere Replication Appliance

The keystore and truststore passwords might be stored in an access restricted config file. vSphere Replication has the following keystores:

■	/opt/vmware/hms/security/hms-keystore.jks, which contains the vSphere Replication appliance private key and certificate.
■	/opt/vmware/hms/security/hms-truststore.jks, which contains additional CA certificates besides the ones that Java already trusts.

Procedure


# /opt/vmware/hms/hms-configtool -cmd list | grep keystore
 # /usr/java/default/bin/keytool -storepasswd -storepass old_password 
# /usr/java/default/bin/keytool -keypasswd -alias jetty -keypass
old_password -new new_password -storepass new_password -keystore
/opt/vmware/hms/security/hms-keystore.jks
/opt/vmware/hms/hms-configtool -cmd reconfig -property
'hms-keystore-password=new_password'
# reboot

# /opt/vmware/hms/hms-configtool -cmd list | grep truststore
# /usr/java/default/bin/keytool -storepasswd -storepass
old_password -new new_password -keystore
/opt/vmware/hms/security/hms-truststore.jks
/opt/vmware/hms/hms-configtool -cmd reconfig -property 
'hms-truststore-password=new_password'
# service hms restart

1	To change the hms-keystore.jks password, log in as root.
2	Obtain the current hms-keystore password. # /opt/vmware/hms/hms-configtool -cmd list \| grep keystore Example of the output `hms-keystore-password = old_password`
3	Change the hms-keystore password. # /usr/java/default/bin/keytool -storepasswd -storepass old_password -new new_password -keystore /opt/vmware/hms/security/hms-keystore.jks
4	Change the vSphere Replication appliance private key password. # /usr/java/default/bin/keytool -keypasswd -alias jetty -keypass old_password -new new_password -storepass new_password -keystore /opt/vmware/hms/security/hms-keystore.jks
5	Update the configuration with the new password. /opt/vmware/hms/hms-configtool -cmd reconfig -property 'hms-keystore-password=new_password'
6	Reboot the appliance for the changes to take effect. # reboot
7	To change the hms-truststore.jks password, log in as root.
8	Obtain the current hms-truststore password. # /opt/vmware/hms/hms-configtool -cmd list \| grep truststore Example of the output: `hms-truststore-password = old_password`
9	Change the hms-truststore password. # /usr/java/default/bin/keytool -storepasswd -storepass old_password -new new_password -keystore /opt/vmware/hms/security/hms-truststore.jks
10	Update the configuration with the new password. /opt/vmware/hms/hms-configtool -cmd reconfig -property 'hms-truststore-password=new_password'
11	Restart the vSphere Replication service. # service hms restart

Share the knowledge

Thursday, May 19, 2016

Change Keystore and Truststore Passwords of the vSphere Replication Appliance

No comments:

Post a Comment