2.7
Table Of Contents
- ACE Management Server Administrator’s Manual
- Contents
- About This Book
- Introduction
- Planning an ACE Management Server Deployment
- Installing and Configuring ACE Management Server
- Configuration Options for ACE Management Server
- Prerequisites for Configuring the Server
- Starting ACE Management Server Configuration
- Viewing and Changing Licensing Information
- Using an External Database
- Creating Access Control
- Uploading Custom SSL Certificates
- Logging Events
- Applying Configuration Settings
- Load-Balancing Multiple ACE Management Server Instances
- Typical Setup Using Load-Balanced ACE Management Server Instances
- Install the Required Services for Load Balancing
- Use the Same SSL Certificate on All Servers
- Create New SSL Certificates and Keys for Each Server
- Installing and Configuring the Load Balancer
- Verify That ACE Instances Are Using the Load Balancer
- Managing ACE Instances
- Viewing ACE Instances That the Server Manages
- Search for an Instance
- Sort by Column Heading and Change Column Width
- Show, Hide, and Move Columns in the Instance View
- Create or Delete Custom Columns in the Instance View
- View Instance Details
- Reactivate, Deactivate, or Delete an ACE Instance
- Change a Copy Protection ID
- Reset the Authentication Password
- Add Information for Custom Columns
- Troubleshooting and Maintenance
- Appendix: Database Schema and Audit Event Log Data
- Glossary
- Index
VMware, Inc. 51
Chapter 7 Troubleshooting and Maintenance
To restore a backup copy of an SSL certificate
1 NavigatetotheACEManagementServerdirectorywherethebackupisstored.
Thefilenamesusethefollowingformat:
<certificate_filename>.<date>-<time>
The<certificate_filename>valueisoneofthefollowing:
server.crt–Theserverpubliccertificate
server.key–Theserverprivatekey
chain.crt–Thecertificatechain
The <date>portionofthefilenameisintheformatYYYYMMDD(year,month,day).
The <time>portionofthefilenameisintheformatHHMMSS(hours,minutes,seconds).
Forexample,afilenamemightbeserver.crt.20070216-095344.
2 Savethefileinthecorrectlocationasssl/<filename>.crt and restarttheApacheservermanually.
See“VerifyThattheApacheServiceIsStartedorRestarted”onpage 23.
3StarttheACEManagementServerSetupapplicationandusetheCustomSSLCertificatestabtoupload
thebackupcopy.
“StartandConfigureACEManagementServer”onpage 24.
Configuring Multiple ACE Management Server Instances to Use SSL
YoumightconfiguremultipleACEManagementServerinstancestouseSSLinthefollowingscenarios:
Multipleserversbehindoneormoreproxyservers:
EachservercanhaveitsownSSLkeyandcertificate(ACEManagementServerandproxyserver).
Thecert_chainfilemustcontainthecertificatefileandverificationchainfortheSSLcertificatesthat
theproxyserversareusing.Placethiscert_chainfileineachACEManagementServer.
Whenself‐signedcertificatesarebeingused,theactualcertificateistheverificationchain.Thechain
filecontainseachself‐signedcertificatebeingthattheproxiesareusing.
Youcanalsousethesamekeyandcertificateforeveryserverandproxy.Inthiscase,youdonotneed
tocreateacert_chainfile.
Eachcertificatemusthaveauniquecommonname.
MultipleserversusingDNSroundrobin:
EachservercanhaveitsownSSLkeyandcertificate(ACEManagementServerandproxyserver).
Thecert_chainfilemustcontainthecertificateandverificationchainforeverycertificatethatthe
serversuse.PlacethiscertificatechainfileineachACEManagementServer.
Whenself‐signedcertificatesarebeingused,theactualcertificateistheverificationchain.Thechain
filecontainseachself‐signedcertificatethateachoftheserversisusing.
Youcanusethesamekeyandcertificateforeveryserver.Inthiscase,youdonotneedtocreatea
cert_chainfile.
SeealsoChapter 5,“Load‐BalancingMultipleACEManagementServerInstances,”onpage 37.