Manualshelf

Installation guide

ManualsBrandsVMware ManualsOtherVCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION
71727374757677787980
use <insert your VCM SB name here>
update ecm_sysdat_configuration_values
set configuration_value = upper(replace(
'xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx'
,' ',''))
where configuration_name='config_security_certificate_fingerprint'
Managing the VCM UNIX Agent Certificate Store
The VCM UNIX Agent certificate store is a protected data storage area that holds Enterprise and Collector
certificates for server authentication, and the Agent certificate and private key for mutual authentication.
Although this store is not encrypted, it is protected from casual viewing.
Much of the interaction with the VCM UNIX Agent certificate store is taken care of for the user. VCM
UNIX installation packages are updated with the Enterprise certificate if one is specified when the Collector
is installed. This certificate is inserted into the certificate store during the VCM UNIX Agent installation
process. The user can select an alternative certificate directory during the VCM UNIX Agent installation.
IMPORTANT The self-signed root of the trust chain for the Collector certificate is not always the Enterprise
certificate. In Linux and UNIX, you also must manually add the self-signed root of the trust chain for the
Collector certificate to the Agent certificate store, when the self-signed root is different than the Enterprise
certificate.
Additionally, when VCM Collector certificates are updated with extended expiration dates, in many cases
the new certificate is added to the store.
Using CSI_ManageCertificateStore
With the CSI_ManageCertificateStore command-line tool, you can view and modify the contents of the
VCM UNIX Agent certificate store.
In these examples, the UNIX VCM Agent was installed to the default location of /opt/CMAgent. If your
installation is different, adjust the instructions to fit your situation.
Environment Variables
Typically, CSI_ManageCertificateStore is run as root, but any login that is a member of the cfgsoft group
can run it as well.
To use CSI_ManageCertificateStore, first set the following environment variables:
LD_LIBRARY_PATH=/opt/CMAgent/CFC/3.0/lib:/opt/CMAgent/ThirdParty/1.0/lib:$
LD_LIBRARY_PATH
export LD_LIBRARY_PATH
CSI_REGISTRY_PATH=/opt/CMAgent
export CSI_REGISTRY_PATH
PATH=/opt/CMAgent/CFC/3.0/bin:$PATH
export PATH
For HPUX platforms, use SHLIB_PATH in place of LD_LIBRARY_PATH.
For AIX platforms, use LIBPATH in place of LD_LIBRARY_PATH.
Authentication
VMware, Inc.
75