Manualshelf

Installation guide

ManualsBrandsVMware ManualsOtherVCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION
61626364656667686970
Prerequisites
n
Open the certificate store. See "Access the Windows Certificate Store" on page 68.
n
Import the certificate into the Agent machine. See "Import a Certificate on Windows" on page 69.
Procedure
1. Open a text editor. You need a blank page on which to temporarily paste some long values.
2. Browse to the store and certificate, right-click, and select Open.
3. Select the Details tab.
4. In the list of fields, select Subject.
5. In the lower pane, highlight and copy the entire common name value to a line in your text editor.
The common name is shown as CN={common-name-value}.
6. In the list of fields, select Thumbprint.
7. In the lower pane, highlight and copy the entire thumbprint to another line in your text editor.
The thumbprint is a series of 32-bit hexadecimal values separated by spaces.
8. In your text editor, carefully remove the spaces from the thumbprint so that it becomes one long
alphanumeric value.
9. Start the Registry editor (regedit).
10. Navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Configuresoft\CSI\5.0\Listener\Authorized
11. Add a new String Value (REG_SZ).
12. By pasting the common name from the text editor, rename the new String Value to perfectly match
the common name from the certificate.
13. By pasting the thumbprint from the text editor, modify the string value data so that it perfectly
matches the spaceless thumbprint.
14. Close the Registry editor.
Creating Certificates Using Makecert
VCM is designed to run in TLS mode with two levels of certificates. An Enterprise certificate is the ultimate
trusted authority. The Enterprise certificate signs all Collector certificates. All Agents have access to the
Enterprise certificate as a trusted authority. As a result, any Collector certificate can sign an Agent
certificate, and any Agent can mutually authenticate with multiple Collectors.
Some steps can be simplified if the Enterprise and Collector systems are the same machine or if the
Enterprise or Collector machines are certificate servers. In the following example, the Enterprise machine
is the same as the (first) Collector machine.
Obtain the SDK download from Microsoft, which includes the Makecert certificate creation tool, the
cert2spc software publisher certificate test tool, the pvkimprt PVK digital certificate files importer, and
related utilities. For more information, visit the Microsoft Developer Network and search for the
downloads by platform.
n
Pre-Vista. Windows Server 2003 SP1 Platform SDK full download
n
Vista. Windows SDK for Windows Server 2008 and .NET Framework version 3.5
VCM Security Guide
70
VMware, Inc.