2.6

ManualsBrandsVMware ManualsComputer equipmentACE

Table Of Contents

ACE Management Server Administrator’s Manual

ACE Management Server Administrator’s Manual

42 VMware, Inc.

Create New SSL Certificates and Keys for Each Server

IfyoudonotwanttousethesameSSLcertificateandkeyforeachACEManagementServ er,youmustcreate

newSSLcertificatesandkeysforeachserver.

IfyouplantoobtainSSLcertificatesfromacertificateauthority,youmustcreatecertificatechains.Figure 5‐2

providesanoverviewof

determiningwhichcertificatesareincludedinachain.

Figure 5-2. Creating the Certificate Chain File

To create new SSL certificates and keys for each server

1 CreateasmanySSLcertificateandkeypairsasyouneed(oneforeachserverinyourserverfarm).

Theprocedurevaries,dependingonthetoolsyouuse.Todeterminehowtocreatethesecertificatesand

keys,seethedocumentationfor

yourplatform.Eachcertificatemusthaveauniquecommonnameanda

uniqueserialnumber.

2Ifyourcertificatesrequireacertificatechaintobeverified,createacertificatechainfileforeachcertificate.

Thecertificatechainfileisatextfilethatcontainseverycertificate(inPEMformat)neededtoverifythe



leafcertificate(includingtherootcertificateofthechain).

a Downloadtheverificationchainfromyourcertificateauthority.

b EachcertificatemustbeinPEMformatbeforeyoucreatethecertificatechainfile.

ToconverttoPEMformat,usetheopenSSLtoolsavailableonline.

c CreatethecertificatechainfilebyconcatenatingeachPEM

‐encodedcertificateintoonefile.

 Ifbothofyourcertificatesareself‐signed,yourcertificatechainfilemustbeafilethatcontains

bothcertificatesconcatenated.

 Ifyoureceivedyourcertificatesfromthesamecertificateauthority,thechainfilemustcontain

onlytheverificationchainforthesecertificates,andthechainsmustbethesame.

 Ifthecertificatescomefromdifferentcertificateauthorities,thechainfilemustcontainboth

certificateverificationchains.

Forexample,ifyouareusingtwoACEManagementServerinstancesyouhavetwocertificatechainfiles.

[Root SSL Certificate in PEM format]

[Intermediary SSL Certificate in PEM format]

[AMS #1 SSL Certificate in PEM format]

convert to PEM

then append to file

convert to PEM

then append to file

convert to PEM

then append to file

convert to PEM

then append to file

certificate

verification

chain

Server SSL

Certificates

Certificate Chain File

Root SSL Certificate

Intermediary SSL Certificate

ACE Management Server #1

SSL Certificate

ACE Management Server #2

SSL Certificate