6.0.3

ManualsBrandsVMware ManualsApplicationsvCenter Server

101

102

103

104

105

106

107

108

109

110

Table Of Contents

vSphere Security

c Generate a certicate for the vpxd solution user on each management node.

C:\>"C:\Program Files\VMware\vCenter Server\vmcad\"certool --gencert --cert=new-vpxd.crt

--privkey=vpxd-key.priv --Name=vpxd --server=<psc-ip-or-fqdn>

d Generate a certicate for the vpxd-extensions solution user on each management node.

C:\>"C:\Program Files\VMware\vCenter Server\vmcad\"certool --gencert --cert=new-vpxd-

extension.crt --privkey=vpxd-extension-key.priv --Name=vpxd-extension --server=<psc-ip-

or-fqdn>

e Generate a certicate for the vsphere-webclient solution user on each management node by

running the following command.

C:\>"C:\Program Files\VMware\vCenter Server\vmcad\"certool --gencert --cert=new-vsphere-

webclient.crt --privkey=vsphere-webclient-key.priv --Name=vsphere-webclient --

server=<psc-ip-or-fqdn>

3 Replace the solution user certicates in VECS with the new solution user certicates.

N The --store and --alias parameters have to exactly match the default names for services.

a On the Platform Services Controller node, run the following command to replace the machine

solution user certicate:

C:\>"C:\Program Files\VMware\vCenter Server\vmafdd\"vecs-cli entry delete --store

machine --alias machine

C:\>"C:\Program Files\VMware\vCenter Server\vmafdd\"vecs-cli entry create --store

machine --alias machine --cert new-machine.crt --key machine-key.priv

b Replace the machine solution user certicate on each management node:

C:\>"C:\Program Files\VMware\vCenter Server\vmafdd\"vecs-cli entry delete --store

machine --alias machine

C:\>"C:\Program Files\VMware\vCenter Server\vmafdd\"vecs-cli entry create --store

machine --alias machine --cert new-machine-vc.crt --key machine-vc-key.priv

c Replace the vpxd solution user certicate on each management node.

C:\>"C:\Program Files\VMware\vCenter Server\vmafdd\"vecs-cli entry delete --store vpxd --

alias vpxd

C:\>"C:\Program Files\VMware\vCenter Server\vmafdd\"vecs-cli entry create --store vpxd --

alias vpxd --cert new-vpxd.crt --key vpxd-key.priv

d Replace the vpxd-extension solution user certicate on each management node.

C:\>"C:\Program Files\VMware\vCenter Server\vmafdd\"vecs-cli entry delete --store vpxd-

extension --alias vpxd-extension

C:\>"C:\Program Files\VMware\vCenter Server\vmafdd\"vecs-cli entry create --store vpxd-

extension --alias vpxd-extension --cert new-vpxd-extension.crt --key vpxd-extension-

key.priv

e Replace the vsphere-webclient solution user certicate on each management node.

C:\>"C:\Program Files\VMware\vCenter Server\vmafdd\"vecs-cli entry delete --store

vsphere-webclient --alias vsphere-webclient

C:\>"C:\Program Files\VMware\vCenter Server\vmafdd\"vecs-cli entry create --store

vsphere-webclient --alias vsphere-webclient --cert new-vsphere-webclient.crt --key

vsphere-webclient-key.priv

Chapter 3 vSphere Security Certificates

VMware, Inc. 109