Manualshelf

Installation guide

ManualsBrandsVMware ManualsOtherVCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION
71727374757677787980
Create the Enterprise Certificate and First Collector Certificate
In this process, the Enterprise and first Collector systems are the same machine. See "Makecert Options" on
page 72 for details about the command-line switches used here.
1. Type the following command to create the CM Enterprise certificate:
makecert -pe -n "<enterprise-cert-name>" -ss Root -sr LocalMachine -r -sky
exchange -sk "<enterprise-key-name>" -b mm/dd/yyyy -e mm/dd/yyyy -len 1024
-h 2 -cy authority -eku 1.3.6.1.5.5.7.3.1 <filename[.cer | .pem]>
Example
makecert -pe -n "CN = CM Enterprise Certificate AAAAAA" -ss Root -sr
LocalMachine -r -sky exchange -sk "CM Enterprise Certificate AAAAAA" -len
1024 -h 2 -cy authority -eku 1.3.6.1.5.5.7.3.1
NOTE VCM programmatically embeds a long GUID, represented by AAAAAA or BBBBBB, in the
Common Name to ensure that the name is unique. You do not need a long GUID in the manual
process though. Any unique identifier is sufficient.
2. Type the following command to create the first Collector certificate, signed by the Enterprise
certificate.
makecert -pe -n "<collector-cert-name>" -ss My -sr LocalMachine -sky
exchange –sk <collector-cert-name> -b mm/dd/yyyy -e mm/dd/yyyy -len 1024 –
in <Enterprise_cert_common_name> -is Root -ir LocalMachine -cy authority
<collector-cert-name.[cer|pem]>
When the Enterprise machine is separate, and the Enterprise certificate is not stored with its private key on
the Collector, follow the steps for creating an additional Collector, but use them to create the first
Collector. See "Create Certificates for Additional Collectors" on page 71.
Create Certificates for Additional Collectors
If you need additional Collectors, or if the first Collector is a different machine from the Enterprise system,
create additional Collector certificates signed by the Enterprise certificate. This process is supported even if
the original certificates were generated by the VCM Installation Manager.
Follow these steps on the Enterprise machine, because you must access the private key for the Enterprise
certificate. You are creating an installable file that includes the new Collector private key, without storing
that key on the Enterprise machine. See "Makecert Options" on page 72 for details about the command-line
switches used here.
1. Type the following command:
makecert -pe -n "<collector-cert-name>" -sky exchange -sv "<collector-
cert-key-file>" -b mm/dd/yyyy -e mm/dd/yyyy -len 1024 -in "<Enterprise_
cert_common_name>" -is Root -ir LocalMachine -cy authority -eku
1.3.6.1.5.5.7.3.1 " <collector-cert-name.[pem|cer]>"
Authentication
VMware, Inc.
71