6.0
Table Of Contents
- vSphere Web Services SDK Developer’s Setup Guide
- Contents
- About the vSphere Web Services SDK
- Knowledge Required for Using the vSphere Web Services SDK
- Programming Languages Supported by the vSphere Web Services SDK
- Types of Applications That You Can Build Using This SDK
- Downloading the vSphere Web Services SDK
- vSphere Web Services SDK Package Contents
- SDK Versions and VMware vSphere Product Compatibility
- Setting Up for Java Development
- Setting Up for Microsoft C# Development
- vSphere Server Certificates
- Scripting the C# DLL Build
- Index
VMware, Inc. 25
A
The VMware vSphere API is available as a secure Web service. Secure Web service means that, by default, ESX,
ESXi, and vCenter Server are configured for HTTPS and support SSL to encrypt communications. This
appendix explains how to manage the certificates needed for secure communications.
This appendix includes these topics:
“Secure Client-Server Communications” on page 25
“Simplified Security Setup for Development Environment” on page 25
“Obtaining Server Certificates” on page 26
“Modifying Server Configurations to Support HTTP” on page 27
Secure Client-Server Communications
To connect to the server using HTTPS, client applications must verify the identify of the server by using the
server’s certificate during an initial handshake. The client must obtain the server certificate in advance, so that
it is available during the handshake. See “Obtaining Server Certificates” on page 26.
To connect to the server using HTTP requires that you first modify the target server’s default configuration so
that it supports regular HTTP communications. If you configure the server for HTTP, you do not need to
import the server certificates on the client development workstation. See “Modifying Server Configurations to
Support HTTP” on page 27. Modifying the server configuration to support HTTP access to the vSphere API is
recommended for test or development environments only, not for production deployments. The default
protocol, HTTPS, provides better security for production deployments.
Simplified Security Setup for Development Environment
You can bypass certificate checking while developing software in a non-production environment. To do this,
create a custom implementation of the javax.net.ssl.TrustManager interface that returns true rather than
actually verifying certificates during the SSL handshake. You can see examples of such a class in the Java code
samples included with the vSphere Web Services SDK.
The Java samples included with the SDK use this technique by accepting an optional command-line argument,
--ignorecert. If you plan to use the --ignorecert option or use this automatic server-certificate verification
technique in your own code, you do not need to import certificates. See “Set Up for Java Development” on
page 11 for more information.
Use the --ignorecert option only for development and testing purposes. Do not use it outside a firewall. If
the server-certificate is not verified during the SSL handshake, the client application is subject to
man-in-the-middle attacks.
vSphere Server Certificates
A