5.6
VMware vCenter Configuration Manager Security Guide
| Option | Description |
| --- | --- |
| -n <enterprise-cert-name> | Subject of the Enterprise certificate. Must be a valid X.509 identifier. Enterprise certificates generated by the VCM installer have the form: "CN=VMware VCM Collector Certificate AAAAAA, T=VMware VCM Certificate 7529006C-222F-4EBF-A7E7-F6AB15DB626F, O=<customer_name>". CN: Generic name based on a GUID generated for each set of certificates created. Required. T: Static field that identifies VCM-generated certificates and is the same for all generated certificates. Optional. OU: Static field. Optional. O: Contains the customer name identified in the license file. Optional. |
| -pe | Make the private key exportable. |
| -r | Self-sign the certificate. |
| -sk <collector-key-name> | Names the key container, for easy reference later. This name does not need to be related to the certificate name. |
| -sk <enterprise-key-name> | Names the key container, for easy reference later. This name does not need to be related to the certificate name. |
| -sky exchange | Use the key exchange key pair, rather than the signature key pair. |
| -sr LocalMachine | Specifies the subject's certificate store location. VCM and the examples use LocalMachine. |
| -ss My | Specifies the subject's certificate store name that stores the output certificate. My designates the personal certificate store. |
| -ss Root | Specifies the subject's certificate store name that stores the output certificate. Root designates the Trusted Root certificate store. |
| -sv <collector-cert-key-file> | Store the private key in a file instead of the CSP. The extension is usually .svk or .pvk. |
Update the Collector Certificate Thumbprint in the VCM Database
When you have a new certificate, update the Collector certificate thumbprint in the VCM database.
Procedure
1. In MMC, right-click the Collector certificate and select Open.
2. Click the Details tab.
3. Scroll down to the Thumbprint. Copy the value to the clipboard or a text editor.
4. Create and run the following SQL script to update the certificate in the VCM Collector database.
Replace xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx with your Collector certificate
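
The thumbprint copied in step 3 can be checked before it goes into the SQL script. The PowerShell below is an added example, not part of the VMware guide: it normalizes the copied value to the 20-pair form shown in step 4 and confirms that a certificate with that thumbprint exists. The function names are hypothetical, and it assumes the Collector certificate is in the LocalMachine\My store named in the option table.

```powershell
# Added example, not VMware code; function names are hypothetical.

function ConvertTo-SpacedThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)

    # Text copied from the MMC Details tab can carry spaces and an invisible
    # leading Unicode mark. Keep only the hex digits, case as supplied.
    $hex = $Thumbprint -replace '[^0-9A-Fa-f]', ''

    # A certificate thumbprint is a SHA-1 hash: 20 bytes, 40 hex digits.
    if ($hex.Length -ne 40) {
        throw "Expected 40 hex digits after cleanup, found $($hex.Length)."
    }

    # Insert a space after every byte pair except the last.
    $hex -replace '(..)(?!$)', '$1 '
}

function Get-CertificateByThumbprint {
    param([Parameter(Mandatory)][string]$Thumbprint)

    $spaced = ConvertTo-SpacedThumbprint $Thumbprint
    $plain  = $spaced -replace ' ', ''

    # Assumption: the Collector certificate is in LocalMachine\My, the store
    # named by the -sr LocalMachine and -ss My options.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $plain }   # -eq ignores case
    if (-not $cert) {
        throw "No certificate with thumbprint $spaced in LocalMachine\My."
    }

    # Show enough to confirm this is the intended certificate.
    [pscustomobject]@{
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        Thumbprint = $spaced
    }
}

# Constructed sample value (not a real certificate), with a leading U+200E.
$pasted = "$([char]0x200E)0a 1b 2c 3d 4e 5f 60 71 82 93 a4 b5 c6 d7 e8 f9 0a 1b 2c 3d"
ConvertTo-SpacedThumbprint $pasted
```

Whether the VCM database comparison is case-sensitive is not stated on this page, so the converter leaves the case of the digits unchanged.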
VCM Security Guide
VMware, Inc.