6.4
Table Of Contents
- VMware vRealize Operations for Horizon Security
- Contents
- VMware vRealize Operations for Horizon Security
- Managing RMI Communication in vRealize Operations for Horizon
- Changing the Default TLS Configuration in vRealize Operations for Horizon
- Managing Authentication in vRealize Operations for Horizon
- Index
2
Use the keytool utility with the -selfcert to generate a new self-signed certicate.
Because the default self-signed certicate is issued to VMware, you must generate a new self-signed
certicate before you request a signed certicate. The signed certicate must be issued to your
organization.
For example:
keytool –selfcert –alias v4v-brokeragent –dname dn-of-org –keystore v4v-brokeragent.jks
dn-of-org is the distinguished name of the organization to which the certicate is issued, for example,
"OU=Management Platform, O=VMware, Inc. , C=US".
By default, the certicate signature uses the SHA1withRSA algorithm. You can override this default by
specifying the name of the algorithm in the keytool utility.
3
Use the keytool utility with the -certreq option to generate the certicate signing request.
A certicate signing request is required to request a certicate from a certicate signing authority.
For example:
keytool –certreq –alias v4v-brokeragent –file certificate-request-file -keystore v4v-
brokeragent.jks
certicate-request-le is the name of the le that will contain the certicate signing request.
4 Upload the certicate signing request to a certicate authority and request a signed certicate.
If the certicate authority requests a password for the certicate private key, use the password
congured for the certicate store.
The certicate authority returns a signed certicate.
5
Copy the certicate le to the conf directory and run the keytool utility with the -import option to
import the signed certicate into the certicate store for the broker agent.
You must import the certicate le to the certicate store for the broker agent so that the broker agent
can start using the signed certicate.
For example:
keytool –import –alias v4v-brokeragent –file certificate-filename -keystore v4v-
brokeragent.jks
certicate-lename is the name of the certicate le from the certicate authority.
6
Run the keytool utility with the -import option to import the certicate authority root certicate into
the trust store le for the broker agent.
For example:
keytool -import -alias aliasname -file root_certificate -keystore v4v-truststore.jks -
trustcacerts
root_certicate is the name of the certicate authority root certicate.
7 Restart the broker agent to start using the new certicate.
You can restart the broker agent by using the vRealize Operations Horizon Broker Agent Seings
wizard, or by restarting the vRealize Operations Horizon Broker Agent Service.
What to do next
After you restart the broker agent, you must pair it with the View adapter. See “Certicate Pairing,” on
page 21.
VMware vRealize Operations for Horizon Security
20 VMware, Inc.