Reference Guide
Table Of Contents
- OpenManage Integration for VMware vCenter version 5.3 Security Configuration Guide
- Figures
- Tables
- PREFACE
- Terms used in this document
- Deployment models
- Product and Subsystem Security
- Security controls map
- Authentication
- Login security settings
- Authentication types and setup considerations
- User and credential management
- Network security
- Data security
- Cryptography
- Auditing and logging
- Serviceability
- OMIVV OS update
- Product code integrity
- Miscellaneous Configuration and Management
● Digital signatures
Manage certificate
OMIVV uses certificates for secure HTTP access (HTTPS).
By default, OMIVV installs and uses the self-signed certificate for the HTTPS secure transactions.
For stronger security, it is recommended to use the Certificate Authority (CA) signed or custom certificates.
The self-signed certificate is sufficient to establish an encrypted channel between web browsers and the server. The self-signed
certificate cannot be used for authentication.
You can use the following types of certificates for OMIVV authentication:
● A self-signed certificate
OMIVV generates self-signed certificates when the hostname of the appliance changes.
● A certificate that is signed by a trusted certificate authority (CA) vendor.
NOTE: Consider company policies when creating certificates.
Update certificates for registered vCenter servers
About this task
The OpenManage Integration for VMware vCenter uses the OpenSSL API to create the Certificate Signing Request (CSR) by
using the RSA encryption standard with a 2048–bit key length.
If the certificate is changed on a vCenter server, use the following tasks to import the new certificate for OMIVV:
Steps
1. Go to https://<Appliance IP or hostname>.
2. In the left pane, click VCENTER REGISTRATION.
The registered vCenter servers are displayed in the working pane.
3. To update the certificate for a vCenter server IP or hostname, click Update.
Generate a Certificate Signing Request (CSR)
Prerequisites
By default, OMIVV has self-signed certificate. If you need customized Certificate Authority (CA)-signed certificate for OMIVV, it
is recommended to upload new certificate before vCenter registration.
About this task
Generating a new CSR prevents certificates that were created with the previously generated CSR from being uploaded to the
appliance. To generate a CSR, do the following:
Steps
1. On the APPLIANCE MANAGEMENT page, click Generate Certificate Signing Request in the HTTPS CERTIFICATES
area.
A message is displayed stating that if a new request is generated, certificates that is created using the previous CSR can no
longer be uploaded to the appliance. To continue with the request, click Continue.
2. If you continue with the request, in the GENERATE CERTIFICATE SIGNING REQUEST dialog box, enter information
about the common name, organization name, locality, state, country, email address, and Subject Alternate Name (SAN), and
then click Continue.
NOTE: OMIVV does not support multiple values for SAN.
3. Click Download, and then save the resulting CSR to an accessible location.
Product and Subsystem Security
21