Import Server Certificates into the Java Keystore for the Web Services SDK

Import server certificates if you plan to use the HTTPS protocol and if you do not plan to use the --ignorecert command-line argument.

To use HTTP, rather than HTTPS, and avoid the use of certificates entirely, follow the procedure detailed in Endpoint Configuration for HTTP. However, using HTTPS provides better security for production environments.

The JAVAHOME environment variable must be set and added to the PATH environment variable. The certificate for each target server must be located in the vmware-certs subdirectory, as described in this procedure. For detailed information about server certificates, see Obtaining Server Certificates.

Procedure

  1. Open the Windows command prompt or Linux shell command.
  2. Create the directory for the Java certificate store.
    Create the directory only. The actual keystore file, vmware.keystore, is created during the process of importing the certificates.
    Operating SystemPath
    Windows C:\VMware-Certs\vmware.keystore
    Linux ~/vmware-certs/vmware.keystore
  3. Navigate to the directory.

    For example, on Windows use the following directory:

    cd vmware-certs\vmware

  4. Use the Java keytool utility to import a certificate.
    The syntax is as follows: 
    keytool -import -trustcacerts -alias server-name -file certificate-filename -keystore keystore-name

    For example: 

    C:\VMware-Certs>keytool -import -trustcacerts -alias root -file root.cer -keystore keystore.jks

    A prompt requesting a password for the keystore appears:

    Enter keystore password:
  5. Create a password for the keystore by entering it at the prompt.

    The keystore utility displays the certificate information at the console. For example: 

    Owner: OID.1.2.840.113549.1.9.2="1183400896,564d7761726520496e632e", 
CN=sdkpubslab-01.vmware.com, [email protected], 
OU=VMware ESX Server Certificate, O="VMware, Inc.", L=Palo Alto, 
ST=California, C=US Issuer: 
OID.1.2.840.113549.1.9.2="1183400896,564d7761726520496e632e", 
CN=sdkpubslab-01.vmware.com, [email protected], 
OU=VMware ESX Server Certificate, O="VMware, Inc.", L=Palo Alto, 
ST=California, C=US Serial number: 0 Valid from: Mon Jul 02 11:28:17 PDT 2007 until: Mon Aug 31 11:28:17 PDT 2026 
Certificate fingerprints: 
MD5: . . .61:35:C0:C4 
SHA1: 4C:...78:B2

    At the end of the certificate information, a prompt displays a request for confirmation that the certificate is trusted:

    Trust this certificate? [no]:
  6. Type yes and press Enter to respond to the prompt and import the certificate into the vmware.keystore keystore.

    The console displays this message:

    Certificate was added to keystore
  7. Repeat Step 1 through Step 1 for each target server.