6.1.1

Table Of Contents

Application Discovery Manager Administration Guide

30 VMware, Inc.

6Placeyourcursorattheendofthelineandappendthelinebytyping:

single

7PressEntertocommitthechange.

8Pressbtostartthesystem.

Yoursystemstartswithoutrequiringapassword.

9Typethefollowingcommandtoresetthepassword:

passwd

10 Followthepromptsastheyappearonthescreentosetthepassword.

11 Typethefollowingcommandtorestartthesystem:

reboot

Yourpasswordischangedandrestartsthesystem.

OpenSSL Self-Signed Test Certificates

TheVMwarevCenterApplicationDiscoveryManagerdefaultinstalledcertificateiscreatedduringthe

installationandisvalidforoneyeartousetheapplianceuntilyouacquirealocalCertificateAuthority(CA).

Public‐facingsecureWebsitesmustuseathird‐partyCA.Ifyouwanttousetheapplianceintestenvironment

andthendeploythatappliancetoaproductionenvironment,youmustnotchangethehostnameastheADM

doesnotsupportchangingthehostname.Instead,youcansetupanaliasintheDNStoresolvetheappliance

hostname.

CA Signed Test Certificates

TocreateCAsignedcertificates,youmustgenerateacertificaterequestfile(csr).Thecertificaterequestfile

providesdetailsabouttherequesterofthecertificateandthecertificateissignedbytheprivatekeyaboveto

yourtrustedcertificateauthority.

Createthecertificaterequestbytyping:

openssl req -new -key server.key -out server.csr

FillintheX.509attributesasspecifiedpreviously.FormoredetailsconsultyourCA.

ToinstallthecertificateprovidedbyyourCA,performthestepsdescribedin“Copyingthe.keyand.crtFiles”

onpage 31.

FreeCAproviders,ashttp://www.cacert.orgexist.

Self-Signed Certificates

Useself‐signedcertificatesonlyinthetestenvironments,orwhereonlyalimitednumberofconnectionsis

established.Forexample,peer‐to‐peerrelationshipscanbeacustomVPNorAS2linkbetweentwocompanies,

orbetweentwodifferentsitesofthesamecompany.Self‐signedcertificatesbecomeimpracticalas

thenumber

ofcertificatesnecessarytomanagegrowslinearlywiththenumberofpeeringrelationships.AlocalCA,while

morecomplextosetup,reducesthenumberofkeysrequiredtobedistributedforverification,andreplicates

areal‐worldcertificateenvironment.ACAcancostlesstomanagethanhundreds

orthousandsofindividual

certificatesoneachpeersystem.

Certificatecreationrequirestheopensslutility.TheopensslutilityislocatedintheADMappliancefolder.

/usr/bin/openssl

NOTEYoucanalsoresettheADMrootpasswordbyrunningsystem_setupcommand.

NOTEDonotusetheself‐signedcertificatesinproductionenvironments.