vCloud Usage Meter is a small virtual appliance used by service providers to measure their VMware product consumption for VSPP (VMware Service Provider Program) type licensing.
I needed to replace the self signed certificate of the web user interface. While there is a KB article 2047572 and also a chapter in the user guide dedicated to the subject neither was correct for my version 3.3.1 installation.
The web interfaces is provided by tc server which stores its certificate keystore in the following location:
The keystore password is silverpen and the certificate alias is um. The location and password can be changed by editing server.xml in the same directory.
Here is a quick guide how to generate and sign new certificate with java keytool. Note if you need to generate private key externally use the steps described in my older article here.
- Modify default path to include java keytool location:
- Go to tc server conf folderd
- Backup current keystore
mv tcserver.jks tcserver.jks.backup
- Generate private key. When asked always use password silverpen
keytool -genkey -alias um -keyalg RSA -keysize 2048 -keystore tcserver.jks
- Modify ownership of the keystore file:
chown usgmtr tcserver.jks
- Create certificate signing request
keytool -certreq -alias um -keyalg RSA -file vcum.csr -keystore tcserver.jks
- Sign CSR with your CA (save certificate as vcum.crt)
- Import root (and optionally intermediate) certificates if needed
keytool -import -trustcacerts -alias root -file fojta-dc-CA.cer -keystore tcserver.jks
- Import the signed certificate
keytool -import -alias um -file vcum.crt -keystore tcserver.jks
- Verify certificates were successfully imported into keystore
keytool -list -keystore tcserver.jksKeystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
root, Aug 1, 2014, trustedCertEntry,
Certificate fingerprint (MD5): E3:EE:7F:47:1A:3E:76:07:8F:27:5D:87:54:94:A4:E7
um, Aug 2, 2014, PrivateKeyEntry,
Certificate fingerprint (MD5): 26:3C:96:08:63:86:2B:E8:CA:2C:7F:53:6A:B2:EE:FA
- Restart tc service
service tomcat restart