Installation guide
Replace Only the Collector Certificate
After VCM installation, you can replace the certificates generated or selected during installation. To replace
only the Collector certificate, follow these steps.
1. Create or obtain a new Collector certificate (and associated private key) that is signed by the
Enterprise certificate.
To create a Collector certificate using the Makecert certificate creation tool, see "Creating Certificates
Using Makecert" on page 70.
2. Import the Collector certificate and the private key to the personal store on the VCM Collector.
3. Update the Collector certificate thumbprint in the VCM Collector database.
See "Update the Collector Certificate Thumbprint in the VCM Database" on page 74.
4. Restart the Collector service.
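A check that can be run on the Collector between steps 2 and 3, added here as an example and not taken from the VCM guide: it confirms that the imported certificate has its private key and chains to the Enterprise certificate, then returns the thumbprint needed for step 3. It assumes the personal store is Cert:\LocalMachine\My and Windows PowerShell 5 or later; Test-CollectorCertificate and its parameter names are hypothetical.

```powershell
# Added example (not from the VCM guide). Assumes the "personal store" is
# Cert:\LocalMachine\My; the function and parameter names are hypothetical.
function Test-CollectorCertificate {
    param(
        [Parameter(Mandatory)] [string] $EnterprisePemPath,   # Enterprise certificate (.pem)
        [Parameter(Mandatory)] [string] $CollectorThumbprint  # new Collector certificate
    )

    # Decode the PEM body by hand so the check does not depend on how the
    # runtime treats PEM files.
    $pem = Get-Content -Raw -Path $EnterprisePemPath
    if ($pem -notmatch '(?s)-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----') {
        throw "No PEM certificate block found in $EnterprisePemPath"
    }
    $der = [Convert]::FromBase64String(($Matches[1] -replace '\s', ''))
    $enterprise = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)

    # Thumbprints pasted from the certificate dialog often carry spaces or
    # invisible characters; keep hex digits only.
    $thumb = ($CollectorThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $collector = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $thumb
    if (-not $collector) { throw "Certificate $thumb is not in Cert:\LocalMachine\My" }
    if (-not $collector.HasPrivateKey) { throw "Certificate $thumb was imported without its private key" }

    # Build the chain with the Enterprise certificate supplied as a candidate issuer.
    # Revocation is not checked here; signatures and validity dates are.
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    [void]$chain.ChainPolicy.ExtraStore.Add($enterprise)
    if (-not $chain.Build($collector)) {
        $why = ($chain.ChainStatus | ForEach-Object Status) -join ', '
        throw "Chain validation failed: $why"
    }

    # The direct issuer (chain element 1) must be the supplied Enterprise certificate.
    if ($chain.ChainElements.Count -lt 2 -or
        $chain.ChainElements[1].Certificate.Thumbprint -ne $enterprise.Thumbprint) {
        throw "Collector certificate was not issued by the supplied Enterprise certificate"
    }

    [pscustomobject]@{
        CollectorThumbprint  = $collector.Thumbprint   # value to record in step 3
        CollectorSubject     = $collector.Subject
        CollectorNotAfter    = $collector.NotAfter
        EnterpriseThumbprint = $enterprise.Thumbprint
    }
}
```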
Delivering Initial Certificates to Agents
VCM Agents use the Enterprise certificate to validate Collector certificates, so the Agent must store a copy
of the Enterprise certificate as a trusted certificate. In most cases, VCM delivers and installs the Enterprise
certificate as needed to the Agent. When installing or updating the Agent over HTTP from the Collector,
the Enterprise certificate that is installed on the Agent comes from the CollectorData folder on the
Collector.
- In a new Agent installation, all module files are installed. The Enterprise certificate is installed if and
  when the EcmComSocketListenerService module is installed. If the Enable HTTP option is not chosen
  for the installation, then the module and certificate are not installed.
- All upgrades of HTTP-enabled Agents from non-TLS Agents to TLS Agents receive a new version of
  the EcmComSocketListenerService and the Enterprise certificate. This also applies to upgrades that you
  perform with the "License and Install Agent on Discovered Machines" option when discovering
  machines in VCM.
Installing the Agent
You can use several methods to install the Agent.
- Install from disk media on Windows
- Run CMAgtInstall.exe over a network share on Windows
- Use Linux, UNIX, or Mac OS X packages
- Use a provisioning system
Installing on Windows with Disk Media
The VCM installation DVD does not contain certificates for Agents. Instead, the Agent installer requests
the location of your VCM certificate, so you must have it preloaded on the managed machine before
installing. To do so, copy the certificate file with the .pem extension from the CollectorData folder of the
Collector.
VCM Security Guide
66
VMware, Inc.