If you do not configure the vCenter Hyperic server and vCenter Hyperic agents to use keystores that you create and manage before you first start the server and agents, vCenter Hyperic will generate default keystores with self-signed certificates. You can change the SSL certificates to use a user-managed keystore.

Verify that you have a a trusted PKC12-format keystore for vCenter Hyperic server, and that an SSL certificate of the correct format is installed the the vCenter Hyperic server host.

1

Open ServerHome/conf/hq-server.conf in a text editor and make the following changes.

a

Set the value of accept.unverified.certificates to false.

b

Define the location of your trusted keystore with the server.keystore.path property.

c

Define the password for your trusted keystore with the server.keystore.password property.

d

Save your changes and restart the vCenter Hyperic server.

2

For each vCenter Hyperic agent reporting to the vCenter Hyperic server

a

Obtain an SSL certificate from your CA and install it on the vCenter Hyperic agent host.

b

Open AgentBundle/AgentHome/agent.properties in a text editor.

c

Set the value of agent.setup.acceptUnverifiedCertificate to "false".

d

Define the location of your trusted keystore with the agent.keystore.path property.

e

Define the password for your trusted keystore with the agent.keystore.password property.

f

Save your changes and restart the vCenter Hyperic agent.