Adding an SSL Certificate to the vROps Truststore (Arista EOS)
For added security, we recommend adding an SSL certificate to the vROps truststore for your Arista EOS switch.
Different levels of security can be configured in the Management Pack. The least secure configuration is to set the SSL Config Advanced Setting to No Verify, and the management pack will accept all SSL certificates. For a higher level of security, you can set SSL Config to Verify, and the Management Pack will have to verify the SSL certificate on your vROps system. See: Creating an Adapter Instance (Arista EOS).
To add the SSL certificate to your vROps truststore:
- Obtain the SSL certificate for your Arista EOS switch from your Internet browser. Export the certificate as an X.509 Certificate (PEM).
- Copy the certificate to your vROps machine.
Use ‘ssh’ to log in to the vROps machine as the root user, then run the following command:
$VCOPS_BASE/jre/bin/keytool -import -alias <product_alias> -file /tmp/<certfile> -keystore “$VCOPS_DATA_VCOPS/user/conf/ssl/tcserver.truststore” -storepass `grep ssltruststorePassword /storage/vcops/user/conf/ssl/storePass.properties | sed s/ssltruststorePassword=//` -trustcacerts
%VCOPS_BASE%\jre\bin\keytool -import -alias <product_alias> C:\path\to\certfile -keystore “%VCOPS_DATA_VCOPS%\user\conf\ssl\tcserver.truststore” -storepass <truststore_password> -trustcacerts
- <product_alias> is a unique name for each key that you add (per host)
- <certfile> is the location where the cert file was saved
- Run the reboot command to re-start the vROps machine for the changes to take effect.