6.5
VMware vRealize Operations for Horizon Security
Replacing the Default Certificates
By default, the View adapter and the broker agent use self-signed certificates for authentication and data
encryption. For increased security, you can replace the default self-signed certificates with certificates that
are signed by a certificate authority.
Replace the Default Certificate for the View Adapter
A self-signed certificate is generated when you first install the View adapter. The desktop message server
and the broker message server use this certificate by default to authenticate to the agents. You can replace
the self-signed certificate with a certificate that is signed by a valid certificate authority.
Prerequisites
- Verify that you can connect to the node where the View adapter is running.
- Verify that you have the password for the certificate store. You can obtain the password from the
  msgserver.properties file. See “View Adapter Certificate and Trust Store Files,” on page 16.
- Become familiar with the Java keytool utility. Documentation is available at http://docs.oracle.com.
Procedure
1 Log in to the node where the View adapter is running.
2 Navigate to the View adapter's work directory.
   Platform   Directory Location
   Linux      /usr/lib/vmware-vcops/user/plugins/inbound/V4V_adapter3/work
   Windows    C:\vmware\vcenteroperations\user\plugins\inbound\V4V_adapter3\work
3 Use the keytool utility with the -selfcert option to generate a new self-signed certificate for the View
adapter.
Because the default self-signed certificate is issued to VMware, you must generate a new self-signed
certificate before you can request a signed certificate. The signed certificate must be issued to your
organization.
For example:
   keytool -selfcert -alias v4v-adapter -dname dn-of-org -keystore v4v-adapter.jks
dn-of-org is the distinguished name of the organization to which the certificate is issued, for example,
"OU=Management Platform, O=VMware, Inc., C=US".
By default, the certificate signature uses the SHA1withRSA algorithm. You can override this default by
specifying the name of the algorithm with the -sigalg option.
4 Use the keytool utility with the -certreq option from the adapter work directory to generate a
certificate signing request.
A certificate signing request is required to request a certificate from a certificate signing authority.
For example:
   keytool -certreq -alias v4v-adapter -file certificate-request-file -keystore v4v-adapter.jks
certificate-request-file is the name of the file that will contain the certificate signing request.
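A check to run once the certificate has been replaced, as an added example that is not part of VMware's documentation: it reads `keytool -list -v` output for the v4v-adapter alias and flags an entry whose owner is not your organization, that is still self-signed, or that is signed with SHA1withRSA (the default noted in step 3). The function and sample names, the O=Example Corp value and both listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not VMware code. Audits `keytool -list -v` output for the
# v4v-adapter entry. On the adapter node (keytool prompts for the password):
#   keytool -list -v -alias v4v-adapter -keystore v4v-adapter.jks | audit_listing "O=Example Corp"
# Prints one finding per line; returns 0 if clean, 1 otherwise. Only the first
# certificate (the entry's own, listed before CA certificates) is examined.
audit_listing() {
    awk -v org="$1" '
        /^Owner: /  && owner == ""  { owner  = substr($0, 8) }
        /^Issuer: / && issuer == "" { issuer = substr($0, 9) }
        /^Signature algorithm name: / && alg == "" { alg = substr($0, 27) }
        END {
            if (owner == "") { print "NO_CERT: no Owner line found"; exit 1 }
            if (index(owner, org) == 0) { print "OWNER_NOT_ORG: " owner; n++ }
            if (owner == issuer)        { print "SELF_SIGNED: " issuer; n++ }
            if (toupper(alg) ~ /^(MD2|MD5|SHA1)WITH/) { print "WEAK_SIGALG: " alg; n++ }
            exit (n > 0)
        }'
}

# Constructed sample: entry still carrying the default VMware-issued certificate.
sample_default() {
    cat <<'EOF'
Alias name: v4v-adapter
Certificate[1]:
Owner: OU=Management Platform, O=VMware, Inc., C=US
Issuer: OU=Management Platform, O=VMware, Inc., C=US
Signature algorithm name: SHA1withRSA
EOF
}

# Constructed sample: the entry after a CA-signed certificate has replaced it.
sample_replaced() {
    cat <<'EOF'
Alias name: v4v-adapter
Certificate[1]:
Owner: CN=v4v-adapter, O=Example Corp, C=US
Issuer: CN=Example Issuing CA, O=Example Corp, C=US
Signature algorithm name: SHA256withRSA
Certificate[2]:
Owner: CN=Example Issuing CA, O=Example Corp, C=US
Issuer: CN=Example Issuing CA, O=Example Corp, C=US
Signature algorithm name: SHA1withRSA
EOF
}

sample_default  | audit_listing "O=Example Corp" || true
sample_replaced | audit_listing "O=Example Corp" && echo "entry is clean"
```

The organization check is a plain substring match on the Owner line, so pass the full O= component of your DN. A WEAK_SIGALG finding on the self-signed certificate from step 3 can be cleared by rerunning that step with -sigalg SHA256withRSA.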