6.2
Table Of Contents
- VMware vRealize Operations for Horizon Security
- Contents
- VMware vRealize Operations for Horizon Security
- Managing RMI Communication in vRealize Operations for Horizon
- Changing the Default TLS Configuration in vRealize Operations for Horizon
- Managing Authentication in vRealize Operations for Horizon
- Index
2
Use the keytool utility with the -selfcert to generate a new self-signed certificate.
Because the default self-signed certificate is issued to VMware, you must generate a new self-signed
certificate before you request a signed certificate. The signed certificate must be issued to your
organization.
For example:
keytool –selfcert –alias v4v-brokeragent –dname dn-of-org –keystore v4v-brokeragent.jks
dn-of-org is the distinguished name of the organization to which the certificate is issued, for example,
"OU=Management Platform, O=VMware, Inc. , C=US".
By default, the certificate signature uses the SHA1withRSA algorithm. You can override this default by
specifying the name of the algorithm in the keytool utility.
3
Use the keytool utility with the -certreq option to generate the certificate signing request.
A certificate signing request is required to request a certificate from a certificate signing authority.
For example:
keytool –certreq –alias v4v-brokeragent –file certificate-request-file -keystore v4v-
brokeragent.jks
certificate-request-file is the name of the file that will contain the certificate signing request.
4 Upload the certificate signing request to a certificate authority and request a signed certificate.
If the certificate authority requests a password for the certificate private key, use the password
configured for the certificate store.
The certificate authority returns a signed certificate.
5
Copy the certificate file to the conf directory and run the keytool utility with the -import option to
import the signed certificate into the certificate store for the broker agent.
You must import the certificate file to the certificate store for the broker agent so that the broker agent
can start using the signed certificate.
For example:
keytool –import –alias v4v-brokeragent –file certificate-filename -keystore v4v-
brokeragent.jks
certificate-filename is the name of the certificate file from the certificate authority.
6
Run the keytool utility with the -import option to import the certificate authority root certificate into
the trust store file for the broker agent.
For example:
keytool -import -alias aliasname -file root_certificate -keystore v4v-truststore.jks -
trustcacerts
root_certificate is the name of the certificate authority root certificate.
7 Restart the broker agent to start using the new certificate.
You can restart the broker agent by using the vRealize Operations Horizon Broker Agent Settings
wizard, or by restarting the vRealize Operations Horizon Broker Agent Service.
What to do next
After you restart the broker agent, you must pair it with the View adapter. See “Certificate Pairing,” on
page 21.
VMware vRealize Operations for Horizon Security
20 VMware, Inc.