Importing CA Certificates of Devices

To enhance system security, you are advised to import the CA certificates of all devices before adding devices or system components (such as FusionSphere components, storage devices, email servers, and the remote UltraVR) to UltraVR. If the CA certificates of devices are not imported, communication between UltraVR and the devices and system communication are not affected. However, the system is exposed to spoofing risks because device certificates cannot be verified against a trusted CA. After CA certificates are imported, restart UltraVR for the certificates to take effect. You are advised to restart UltraVR during off-peak hours.

Prerequisites

Context

  • UltraVR provides the key store bcm.keystore, into which the CA certificates of devices are imported. The key store path is fixed to /opt/UltraVR/Runtime/LegoRuntime/certs, and the default key store password is BCM@DataProtect123.
  • UltraVR is preset with the CA certificates of the remote UltraVR (bcmrootca). Therefore, you do not need to import the CA certificates of the remote UltraVR.
  • Note the following when importing CA certificates to UltraVR:
      • If there are CA certificates of multiple levels, import all the CA certificates.
      • If multiple devices use the same CA certificate, import the CA certificate only once.
      • If the system reports a certificate alarm, restart UltraVR after the CA certificates are imported.
      • Stop UltraVR only when no protection tasks or recovery plans are being executed in UltraVR.

If no CA certificate is imported or the device certificate expires, UltraVR generates a certificate alarm by default. You can disable certificate alarming if you do not want UltraVR to generate certificate alarms. For details about how to disable certificate alarming, see Disabling Certificate Alarming.

Procedure

For details about how to import a device CA certificate, see Importing a Client Certificate.

Follow-up Procedure

When the CA on the device is updated, import the new CA certificate by referring to Importing a Client Certificate. Use the same alias as the old certificate so that the new certificate replaces the old one.
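The import rules in Context (import every CA level, import a shared CA only once) and the alias rule above can be checked before touching the key store. The following is an added example, not part of the UltraVR documentation or tooling: it plans imports from per-device PEM bundles by SHA-256 fingerprint. The device names, the alias scheme, and the sample byte strings are assumptions constructed for illustration.

```python
import base64, hashlib, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 fingerprint (hash of the DER bytes) of each certificate in a PEM bundle."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)]

def plan_imports(device_bundles, keystore):
    """Decide what to import.

    device_bundles: {device name: PEM text with every CA level for that device}
    keystore:       {alias: fingerprint} of entries already in the key store
    Returns a list of (alias, fingerprint, action) tuples.
    """
    known = set(keystore.values())
    plan = []
    for device, pem in sorted(device_bundles.items()):
        for level, fp in enumerate(fingerprints(pem)):   # all levels, not just the root
            if fp in known:
                continue                                  # shared CA: import once only
            alias = f"{device}-ca{level}"                 # hypothetical alias scheme
            # An alias that already exists holds the old CA: reuse it so the
            # updated certificate replaces the old one instead of sitting beside it.
            action = "replace" if alias in keystore else "import"
            plan.append((alias, fp, action))
            known.add(fp)
    return plan

def pem_bundle(*ders):
    """Wrap byte strings in PEM armor (constructed stand-ins, not real X.509 certificates)."""
    return "\n".join("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(d).decode()
                     + "-----END CERTIFICATE-----" for d in ders)

# Constructed sample: two storage devices whose sub-CAs chain to the same root.
ROOT, SUB_A, SUB_B, SUB_A_NEW = b"root-ca", b"sub-ca-a", b"sub-ca-b", b"sub-ca-a-v2"
DEVICES = {"storage1": pem_bundle(SUB_A, ROOT), "storage2": pem_bundle(SUB_B, ROOT)}

if __name__ == "__main__":
    first = plan_imports(DEVICES, {})
    for row in first:
        print(row)
    store = {alias: fp for alias, fp, _ in first}
    # storage1's sub-CA is reissued: the plan keeps the alias storage1-ca0.
    print(plan_imports({"storage1": pem_bundle(SUB_A_NEW, ROOT)}, store))
```

The fingerprints in the plan can be compared with those shown by the tool used to list the key store, since both are the SHA-256 hash of the certificate's DER encoding.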


Copyright © Huawei Technologies Co., Ltd.