Table of Contents
Advertisement
After VCM installation, if you decide that you want to use different certificates than the ones that you either generated
or selected during the installation process, you must replace those certificates.
Use the following procedure to replace both the Enterprise and Collector Certificates.
1. Create or obtain a new Enterprise certificate. For information on how to create an Enterprise Certificate using
MakeCert Certificate Creation Tool, see
2. Create or obtain a new Collector Certificate that is signed by the Enterprise Certificate. For information on how
to create a Collector Certificate using MakeCert Certificate Creation Tool, see
Using Makecert on page
3. Import the Enterprise Certificate into the Local Computer Trusted Root store on the VCM Collector. For more
information, see
Certificate Transport on page
4. Import the Collector Certificate and the private key into the Personal store on the VCM Collector. For more infor-
mation, see
Certificate Transport on page
5. Update the Collector Certificate thumbprint in the VCM Collector database. For more information, see
the Collector Certificate Thumbprint in the VCM Collector Database on page 26
6. Restart the Collector service.
7. Import the Enterprise Certificate into the Trusted Root store on the VCM Windows Agent systems (see
tificate Transport on page
tocol to DCOM and back to HTTP (only if the Collector can communicate with Agents using DCOM protocol).
On UNIX Agents, place the certificates into the VCM Agent Certificate store.
Replace Only the Collector Certificates
After VCM installation, you may find that you want to use a different Collector Certificate than you specified during
installation, but your Enterprise Certificate is still valid. In this situation, you can use the following procedure to replace
only the Collector Certificate.
1. Create or obtain a new Collector Certificate (and associated private key) that is signed by the Enterprise Cer-
tificate. For information on how to create a Collector Certificate using MakeCert Certificate Creation Tool, see
Creating Certificates for TLS Using Makecert on page
2. Import the Collector Certificate and the private key into the Personal store on the VCM Collector.
3. Update the Collector Certificate thumbprint in the VCM Collector database. See
tificate Thumbprint in the VCM Collector Database on page
4. Restart the Collector services.
Creating Certificates for TLS Using Makecert on page
20.
17.
17.
17), install the VCM Agent with the "Enable HTTP" option selected, or change pro-
TLS Implementation for VCM
Creating Certificates for TLS
20.
Updating the Collector Cer-
26.
TECHNICAL WHITE PAPER / 14
20.
Updating
Cer-
Advertisement
Table of Contents
Related Manuals for VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION
Related Products for VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION
- VMWARE VCENTER CONFIGURATION MANAGER 5.3 - SOFTWARE CONTENT REPOSITORY TOOL GUIDE
- VMWARE VCENTER CONFIGURATION MANAGER 5.3 - VCENTER DISCOVERED MACHINES IMPORT TOOL GUIDE
- VMWARE VCENTER CONFIGURATION MANAGER 5.3 - SOFTWARE REQUIEREMENTS GUIDE
- VMWARE VCM 5.3 - CONFIGURATION MANAGER SECURITY ENVIRONMENT REQUIREMENTS
- VMWARE VCM 5.3 - RECOVERY GUIDE
- VMware VC-SRM4-A - vCenter Site Recovery Manager
- VMware VC-VLM4-C - vCenter Lab Manager
- VMWARE VCENTER SERVER 4.0 - UPGRADE GUIDE UPDATE 1
- VMWARE VCENTER CAPACITYIQ 1.5
- VMware vCenter ConfigurationManager 5.3
- VMWARE VSPHERE CLIENT 4.0 - UPGRADE GUIDE UPDATE 1
- VMWARE VIEW 4.5 - GUIDE DE MISE A NIVEAU
- VMware VS4-STD-C - vSphere Standard - PC
- VMWARE VSPHERE 4.0 - SOFTWARE COMPATIBILITY MATRIX
- VMware vShield Endpoint 1.0
- VMware vSphere vCenter Server 4.0