Manualshelf

Installation guide

ManualsBrandsVMware ManualsOtherVCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION
71727374757677787980
Example
makecert -pe -n "CN=CM Collector Certificate BBBBBB" -sky exchange -sv "CM
Collector BBBBBB.pvk" -b 04/07/2008 -e 04/07/2018 -len 1024 -in "CM
Enterprise Certificate AAAAAA" -is Root -ir LocalMachine -cy authority -
eku 1.3.6.1.5.5.7.3.1 "CM Collector BBBBBB.pem"
2. Type the following command to convert the x509 certificate file to a file-based certificate store in the
named SPC file.
cert2spc <collector-cert-name>.cer <collector-cert-name>.spc
Example
cert2spc "Collector Certificate BBBBBB.cer" "Collector Certificate
BBBBBB.spc"
3. Type the following command to export the file-based certificate store, that contains the certificate, and
the private key in the key file to a PFX file.
pvkimprt -pfx <collector-cert-name>.spc <collector-cert-key-file>
This launches the Certificate Export Wizard. Select Yes, and export the private key. Keep the PFX
format. Clear all of the check boxes. Optionally, choose a password for secure transport of the file
(recommended).
Example
vkimprt -pfx "CM Collector Certificate BBBBBB.spc" "CM Collector
Certificate BBBBBB.pvk"
4. Remove your temporary files, especially the key file.
5. Move the PFX file containing the new Collector certificate and the Enterprise certificate export file to
the new Collector machine.
The Enterprise certificate file is located in the CollectorData folder of the initial Collector, typically
C:\Program Files\VMware\VCM\CollectorData, or you can export it from the local machine
trusted root system store. The export file has a .pem extension.
NOTE An alternative way to make a certificate for an additional Collector is to generate a key pair and
certificate request on the additional Collector machine, and move only that.
Importing Certificates for Additional Collectors
After you create certificates for an additional Collector, import them to the additional Collector before you
install VCM. See "Import a Certificate on Windows" on page 69
n
Import the Enterprise certificate to the local machine trusted root store on the additional Collector.
n
Import the Collector certificate to the local machine personal store on the additional Collector.
IMPORTANT If you are replacing certificates, also import the Enterprise certificate to the Agent certificate
stores on managed machines. See "Delivering Initial Certificates to Agents" on page 66.
Makecert Options
When you use Makecert commands, you can use options to specify the results in the utility output.
VCM Security Guide
72
VMware, Inc.