Manualshelf

Specifications

ManualsBrandsVMware ManualsComputer equipmentGSX Server 3 Administration
111112113114115116117118119120
CHAPTER 4 Managing Virtual Machines and the VMware GSX Server Host
113
With SSL enabled, GSX Server creates security certificates and stores them on your
host. However, the certificates used to secure your VMware Management Interface
sessions are not signed by a trusted certificate authority; therefore they do not
provide authentication. If you intend to use encrypted remote connections externally,
you should consider purchasing a certificate from a trusted certificate authority.
With SSL enabled, the console and management interface perform exactly as they do
when SSL is disabled.
When SSL is enabled for the VMware Virtual Machine Console, a lock icon appears in
the lower right corner of the console window. Any consoles that are already open at
the time SSL is enabled do not become encrypted, and the lock icon does not appear
in these console windows. You must close these consoles and start new console
sessions to ensure encryption.
When SSL is enabled for the VMware Management Interface, the URL to connect to
the management interface is https://<hostname>:8333. The management
interface automatically redirects users to this URL if they use the insecure URL
(http://<hostname>:8222) to connect. A lock icon appears in the status bar of
the browser window.
If you disable SSL, users are automatically redirected to
http://<hostname>:8222 if they use https://<hostname>:8333 to
connect to the management interface.
Note: If SSL is disabled then enabled again, any new management interface
connections to the non-secure port (8222) are not redirected.
Using Your Own Security Certificates
If you prefer, you can use your own security certificate when you enable SSL.
On a Windows host, run the Microsoft Management Console (mmc.exe) and select
your certificate. When you upgrade the VMware Management Interface on a GSX
Server for Windows host, you need to reassign your certificate to the management
interface.
On a Linux host, the VMware Management Interface certificate must be placed in
/etc/vmware-mui/ssl. The management interface certificate consists of two
files: the certificate itself (mui.crt) and the private key file (mui.key). The private
key file should be readable only by the root user.
When you upgrade the VMware Management Interface on a Linux host, the certificate
remains in place and, in case you removed the management interface, the directory is
not removed from your host.