To communicate with other servers securely, the vRealize Suite Lifecycle Manager server must be able to verify their identity. For this purpose, you might need to import the TLS certificate of the remote entity to the vRSLCM trust store. To trust a certificate, you can import it to the trust store directly as a DER-encoded file. In my case, I had to import the certificate from my SMTP server.
Here is how you can import a trusted certificate into the vRSLCM keystore. Log in to the vRSLCM appliance as root via SSH or the console (press ALT+F1 in the console to get a login prompt).
Navigate to the /usr/java/jre-vmware/bin/ directory and check whether your certificate is already listed by running the following command:
keytool -v -list -storepass changeit -cacerts
If you are looking for a specific alias, you can also specify it in the command:
keytool -v -list -storepass changeit -cacerts -alias {YourAlias}
To get your remote server's certificate, try the following command:
openssl s_client -connect {HOSTNAME}:{PORT} -starttls smtp
Or try using openssl to save the remote server's SSL certificate:
openssl s_client -connect {HOSTNAME}:{PORT} | tee certfile
Type QUIT and press the Enter / Return key. The certificate will be listed between the "BEGIN CERTIFICATE" and "END CERTIFICATE" markers within certfile. You can save it in /tmp in order to import it. If you already have a certificate as .pem, you can convert it to .der with the following command:
openssl x509 -outform der -in /tmp/certificate.pem -out /tmp/certificate.der
Now you can import the converted certificate into your keystore with the following command:
keytool -import -trustcacerts -alias {YourAlias} -storepass changeit -cacerts -file /tmp/certificate.der
Type yes when prompted, and the certificate will be added to the keystore.
Now you should have your trusted certificate imported in your vRealize Lifecycle Manager keystore.
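The steps above as one script, with a fingerprint check before the import so that whatever answered on the SMTP port is not trusted blindly. This is an added example, not part of the original post: the function names and the /tmp file names are hypothetical, it assumes openssl and keytool are on the PATH, and it assumes you obtained the expected SHA-256 fingerprint from the mail server's administrator.

```shell
#!/bin/sh
# Added example: pin the certificate's SHA-256 fingerprint before importing it.

# Print only the first PEM block (the server's own certificate) from
# `openssl s_client` output read on stdin.
extract_leaf_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on { print }
         /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Reduce "sha256 Fingerprint=AB:CD:..." (or a bare hex string) to lowercase hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Succeed only when both fingerprints are non-empty and identical.
fp_matches() {
    a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Usage: main HOST:PORT ALIAS EXPECTED_SHA256
main() {
    pem="/tmp/$2.pem"; der="/tmp/$2.der"
    openssl s_client -connect "$1" -starttls smtp </dev/null 2>/dev/null \
        | extract_leaf_pem > "$pem"
    [ -s "$pem" ] || { echo "no certificate received from $1" >&2; return 1; }
    seen=$(openssl x509 -in "$pem" -noout -fingerprint -sha256)
    if ! fp_matches "$seen" "$3"; then
        echo "fingerprint mismatch, not importing: $seen" >&2
        return 1
    fi
    openssl x509 -outform der -in "$pem" -out "$der"
    # -noprompt replaces the interactive "yes": the fingerprint was checked above.
    keytool -import -trustcacerts -noprompt -alias "$2" \
        -storepass changeit -cacerts -file "$der"
}

# Run only when called with all three arguments.
if [ "$#" -eq 3 ]; then main "$@"; fi
```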