6.2
Table Of Contents
- VMware vRealize Operations for Horizon Security
- Contents
- VMware vRealize Operations for Horizon Security
- Managing RMI Communication in vRealize Operations for Horizon
- Changing the Default TLS Configuration in vRealize Operations for Horizon
- Managing Authentication in vRealize Operations for Horizon
- Index
Replacing the Default Certificates
By default, the View adapter and the broker agent use self-signed certificates for authentication and data
encryption. For increased security, you can replace the default self-signed certificates with certificates that
are signed by a certificate authority.
Replace the Default Certificate for the View Adapter
A self-signed certificate is generated when you first install the View adapter. The desktop message server
and the broker message server use this certificate by default to authenticate to the agents. You can replace
the self-signed certificate with a certificate that is signed by a valid certificate authority.
Prerequisites
n
Verify that you can connect to the node where the View adapter is running.
n
Verify that you have the password for certificate store. You can obtain the password from the
msgserver.properties file. See “View Adapter Certificate and Trust Store Files,” on page 16.
n
Become familiar with the Java keytool utility. Documentation is available at http://docs.oracle.com.
Procedure
1 Log in to the node where the View adapter is running.
2 Navigate to the View adapter's work directory.
Platform Directory Location
Linux
/usr/lib/vmware-
vcops/user/plugins/inbound/V4V_adapter3/work
Windows
C:\vmware\vcenteroperations\user\plugins\inbound\V4V_adapte
r3\work
3
Use the keytool utility with the -selfcert option to generate a new self-signed certificate for the View
adapter.
Because the default self-signed certificate is issued to VMware, you must generate a new self-signed
certificate before you can request a signed certificate. The signed certificate must be issued to your
organization.
For example:
keytool –selfcert –alias v4v-adapter –dname dn-of-org –keystore v4v-adapter.jks
dn-of-org is the distinguished name of the organization to which the certificate is issued, for example,
"OU=Management Platform, O=VMware, Inc., C=US".
By default, the certificate signature uses the SHA1withRSA algorithm. You can override this default by
specifying the name of the algorithm with the -sigalg option.
4
Use the keytool utility with the -certreq option from the adapter work directory to generate a
certificate signing request.
A certificate signing request is required to request a certificate from a certificate signing authority.
For example:
keytool –certreq –alias v4v-adapter –file certificate-request-file -keystore v4v-adapter.jks
certificate-request-file is the name of the file that will contain the certificate signing request.
VMware vRealize Operations for Horizon Security
18 VMware, Inc.