Replacing Tomcat Certificates on the UltraVR

For security reasons, users may choose to use certificates issued by third-party certification authorities. The UltraVR allows users to replace the Tomcat certificates as long as they provide the authentication certificates and private-public key pairs. Replaced authentication certificates take effect after the UltraVR is reset. Therefore, replace certificates on the server only when a small volume of services is configured.

Prerequisites

Context

  • UltraVR provides the Tomcat certificate key store tomcat.keystore. The key store path is fixed to /opt/UltraVR/Runtime/Tomcat6/certs, and the default key store password is BCM@DataProtect123.
  • The new certificate cannot be saved in the /opt/UltraVR/Tomcat6/certs directory. The replace function will automatically copy the new certificate to this directory.
  • In distributed mode, one UltraVR is deployed on the local server and another on the peer end's server. If the Tomcat certificate on the local server is replaced, you need to re-import the CA certificate on the UltraVR at the peer end. For details about how to import a certificate, see Importing CA Certificates of Devices.
  • Stop the UltraVR only when no protection tasks or recovery plans are being executed in UltraVR.

Procedure

  1. Use PuTTY to log in to the UltraVR management server as user root.
  2. Run the TMOUT=0 command to prevent PuTTY from exiting due to session timeout.

    After you run this command, the session does not time out even when no operation is performed, which poses a security risk. Therefore, you are advised to run exit after completing operations.

  3. Run the cd /opt/UltraVR/Runtime/bin command to navigate to the directory where certificate replacement scripts are stored.

    In Linux, the installation path of the UltraVR Server is /opt/UltraVR. The path is fixed.

  4. Run the sh shutdownSystem.sh command, enter y and then press Enter to stop the UltraVR.
  5. Run the sh tomcat_cert_replace.sh command to replace the Tomcat certificate.

    The following command output is displayed:

    Please input cert file:

  6. Enter the full path of the key store file that contains the certificate. For example, enter /opt/jks.keystore and press Enter.

    The following command output is displayed:

    Please input the keystore type [JKS]:

  7. Enter the file type of the key store (the JKS, JCEKS, and PKCS12 file types are supported) and press Enter.

    The following command output is displayed:

    Please input secret key:

  8. Enter the correct password for the certificate and press Enter.

    The following command output is displayed:

    You are going to change the certfile of web,Are you sure you really want to perform the operation? (y/n):

    If the entered password is incorrect, the following information is displayed: Certificate password error. You need to enter the correct password.

  9. Enter y and press Enter.

    If the following information is displayed, the certificate is successfully replaced.

    Change certfile successfully!

  10. Run the cd /opt/UltraVR/Runtime/bin command to navigate to the directory where the scripts are stored.
  11. Run the sh startSystem.sh command to start the UltraVR.
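
A pre-flight check that can be run before step 4, so that a wrong key store type, a wrong password, or a badly staged file is found while the UltraVR is still running. This is an added example, not a script shipped with the UltraVR; it assumes keytool from a Java runtime is on the PATH, and the script name preflight.sh, the function names and the KS_PASS variable are hypothetical.

```shell
#!/bin/sh
# Added pre-flight check; not one of the UltraVR scripts.
# Usage: KS_PASS='<key store password>' sh preflight.sh /path/new.keystore PKCS12
# Both spellings of the certs directory that appear in the Context section.
CERT_DIRS=${CERT_DIRS:-"/opt/UltraVR/Runtime/Tomcat6/certs /opt/UltraVR/Tomcat6/certs"}

# Succeeds if $1 is a key store type that step 7 lists as supported.
type_supported() {
    case "$1" in
        JKS|JCEKS|PKCS12) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if file $1 sits outside the certs directories (symlinks resolved).
staged_outside_certs() {
    dir=$(cd "$(dirname "$1")" 2>/dev/null && pwd -P) || return 1
    for d in $CERT_DIRS; do
        rd=$(cd "$d" 2>/dev/null && pwd -P) || rd=$d
        [ "$dir" != "$rd" ] || return 1
    done
    return 0
}

# Succeeds if keytool opens key store $1 as type $2 with the password in
# KS_PASS and finds a private key entry. -storepass:env keeps the password
# out of the process list; -J-Duser.language=en pins the output language.
has_private_key() {
    keytool -J-Duser.language=en -list -v -keystore "$1" -storetype "$2" \
        -storepass:env KS_PASS 2>/dev/null | grep -q 'Entry type: PrivateKeyEntry'
}

# Runs every check; prints the first failure and returns non-zero.
preflight() {
    ks=$1
    kstype=${2:-JKS}
    [ -f "$ks" ] || { echo "not a file: $ks"; return 1; }
    type_supported "$kstype" || { echo "unsupported type: $kstype"; return 1; }
    staged_outside_certs "$ks" || { echo "move $ks out of the certs directory"; return 1; }
    has_private_key "$ks" "$kstype" || { echo "cannot open key store, or no private key entry"; return 1; }
    echo "pre-flight OK: $ks ($kstype)"
}

# Run only when called with arguments, e.g. from the usage line above.
[ "$#" -eq 0 ] || preflight "$@"
```

The check reads the key store only and changes nothing under /opt/UltraVR, so it is safe to run while protection tasks are still executing.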

Copyright © Huawei Technologies Co., Ltd.