Manualshelf

6.0

ManualsBrandsVMware ManualsApplicationsvSphere
21222324252627282930
Table Of Contents
vSphere Web Services SDK Developer’s Setup Guide
26 VMware, Inc.
Obtaining Server Certificates
VMware products use standard X.509 version 3 (X.509v3) certificates to encrypt session information sent over
SSL connections between server and client systems. When a client application initiates an SSL session with the
server, the server sends its certificate to the client application, which checks the X.509 certificate against a list
of known Certificate Authorities (CAs) to verify the authenticity of the certificate. The client then uses the
servers public key contained in the X.509 certificate to generate a random symmetric key, which it uses to
encrypt all subsequent communications.
The installers for ESX, ESXi, and vCenter Server create server certificates during the process of installation. For
ESX and ESXi systems, the certificate name matches the DNS name of the server. For vCenter Server systems,
the certificate name is VMware. Because these certificates are not signed by an official root CA, you must
obtain the server certificate from each server that you plan to target with your client application and store it
locally.
For example, if you are creating a client application to run against the vCenter Server and an ESX system in
standalone mode, you must obtain both the vCenter Server certificate and the ESX certificate. If your
application is aimed solely at the vCenter Server that might manage any number of ESX systems, you must
obtain the certificate only from the vCenter Server.
You can obtain the certificates in one of the following ways:
Developers working on the Microsoft Windows platform can use the certificate-handling capabilities of
the vSphere Client from the development workstation to connect to each ESX, ESXi, or vCenter Server and
accept the certificate into the local cache and export the certificate. See “Obtain Certificates Using the
vSphere Web Client” on page 26.
Developers with access privileges on the target server systems can use a secure shell client utility (SCP,
WinSCP, or SSH) to connect directly to the ESX, ESXi, or vCenter Server and copy the certificates directly
from the server to the development platform.
Obtain Certificates Using the vSphere Web Client
Use the vSphere Web Client to obtain certificates, so you don’t have to install another client on your
development workstation. You can download the VMware Certificate Authority root and leaf certificates and
then add them to the operating system root store of the system from which you are connecting to the vCenter
Server system.
To obtain server certificates:
1 From a client system Web browser, go to the URL of the vCenter Server system or the vCenter Server
Virtual Appliance.
2Click the Download trusted root CA certificates link at the bottom of the grey box on the right and
download the file.
3 Change the extension of the file to .zip.
4 The file is a ZIP file of all root certificates and all CRLs in the VMware Endpoint Certificate Store (VECS).
5 Extract the contents of the ZIP file.
6 The result is a .certs folder that contains two types of files. Files with a number as the extension (.0,
.1, and so on) are root certificates. Files with an extension that starts with an r (.r0,. r1, and so on) are
CRL files associated with a certificate.
7 Install the certificate files as trusted certificates by following the process that is appropriate for your
operating system.
Firefox has its own trusted roots store and does not use the operating system store. If you are working with
Firefox, download the certificate as described above, and then select Tools > Options, click Advanced, and
click Certificates to import the certificate into Firefox.