Openssl Self-Signed Test Certificates; Ca Signed Test Certificates; Self-Signed Certificates - VMware VCENTER APPLICATION DISCOVERY MANAGER 6.1.1 Administration Manual

Application Discovery Manager Administration Guide
6 Place your cursor at the end of the line and append the line by typing:
single
7 Press Enter to commit the change.
8 Press b to start the system.
Your system starts without requiring a password.
9 Type the following command to reset the password:
passwd
10 Follow the prompts as they appear on the screen to set the password.
11 Type the following command to restart the system:
reboot
Your password is changed and restarts the system.
N You can also reset the ADM root password by running system_setup command.
OTE

OpenSSL Self-Signed Test Certificates

The VMware vCenter Application Discovery Manager default installed certificate is created during the
installation and is valid for one year to use the appliance until you acquire a local Certificate Authority (CA).
Public‐facing secure Web sites must use a third‐party CA. If you want to use the appliance in test environment
and then deploy that appliance to a production environment, you must not change the hostname as the ADM
does not support changing the hostname. Instead, you can set up an alias in the DNS to resolve the appliance
hostname.

CA Signed Test Certificates

To create CA signed certificates, you must generate a certificate request file (csr). The certificate request file
provides details about the requester of the certificate and the certificate is signed by the private key above to
your trusted certificate authority.
Create the certificate request by typing:
openssl req -new -key server.key -out server.csr
Fill in the X.509 attributes as specified previously. For more details consult your CA.
To install the certificate provided by your CA, perform the steps described in "Copying the .key and .crt Files"
on page 31.
Free CA providers, as http://www.cacert.org exist.

Self-Signed Certificates

Use self‐signed certificates only in the test environments, or where only a limited number of connections is
established. For example, peer‐to‐peer relationships can be a custom VPN or AS2 link between two companies,
or between two different sites of the same company. Self‐signed certificates become impractical as the number
of certificates necessary to manage grows linearly with the number of peering relationships. A local CA, while
more complex to setup, reduces the number of keys required to be distributed for verification, and replicates
a real‐world certificate environment. A CA can cost less to manage than hundreds or thousands of individual
certificates on each peer system.
N Do not use the self‐signed certificates in production environments.
OTE
Certificate creation requires the openssl utility. The openssl utility is located in the ADM appliance folder.
/usr/bin/openssl
30 VMware, Inc.