Appendix A: Creating Certificates for TLS Using Makecert
VCM is designed to run in TLS mode with two levels of certificates. In this mode, an Enterprise Certificate is the
ultimate trusted authority. All Collector Certificates will be signed by this Enterprise Certificate. All Agents will have
access to the Enterprise Certificate as a trusted authority. Any Collector Certificate can be used to sign an Agent
Certificate. A given Agent should be able to mutually authenticate with multiple Collectors.
In the following process, the Enterprise machine can be the same as the Collector machine. Some of the steps can be simplified if they are the same, or if the Enterprise or Collector machines are set up to be certificate servers. The example is written for the case when the Enterprise machine is also the (first) Collector. When this is not the case, create the initial Collector by following the steps for creating a second Collector.
Makecert (Certificate Creation Tool), cert2spc (Software Publisher Certificate Test Tool), pvkimprt (PVK Digital Certificate Files Importer), and many related utilities are available as part of the SDK download from Microsoft. For more information, visit the Microsoft Developer Network and search for the downloads by platform (pre-Vista or Vista):
- Pre-Vista: Windows Server 2003 SP1 Platform SDK full download
- Vista: Windows SDK for Windows Server 2008 and .NET Framework version 3.5
Create the Enterprise Certificate and the First Collector Certificate
Use the following procedure to create the Enterprise Certificate and the first Collector Certificate. Refer to Options on page 23 for a list of the options used below and their definitions.
Example:
makecert -pe -n "CN = CM Enterprise Certificate AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA" -ss Root -sr LocalMachine -r -sky exchange -sk "CM Enterprise Certificate AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA" -len 1024 -h 2 -cy authority -eku 1.3.6.1.5.5.7.3.1
Note: VCM embeds a GUID ("AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA" or "BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBBBBBB") into the Common Name by convention to ensure that the name is unique; however, this is not a requirement.
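As an added check (not part of this white paper), the following PowerShell locates the Enterprise Certificate that the makecert command above placed in the LocalMachine Root store and confirms that each option took effect. The CN prefix is taken from the example; reading -h 2 as a Basic Constraints path length of 2 is an assumption.

```powershell
# Added verification script, not from the VCM white paper.
# Assumes the Enterprise Certificate was created with the makecert command above.
$cnPrefix = 'CM Enterprise Certificate'   # adjust if you used a different Common Name

$cert = Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -match "CN\s*=\s*$([regex]::Escape($cnPrefix))" } |
    Select-Object -First 1

if (-not $cert) {
    throw "No certificate with CN starting '$cnPrefix' found in LocalMachine\Root (-ss Root -sr LocalMachine)"
}

$checks = [ordered]@{
    'Self-signed (-r)'             = ($cert.Subject -eq $cert.Issuer)
    'Private key present (-pe)'    = $cert.HasPrivateKey
    'RSA 1024-bit key (-len 1024)' = ($cert.PublicKey.Key.KeySize -eq 1024)
}

# -cy authority marks the certificate as a CA; -h 2 is assumed to set the path length to 2
$bc = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
$checks['CA with path length 2 (-cy authority -h 2)'] =
    [bool]($bc -and $bc.CertificateAuthority -and $bc.HasPathLengthConstraint -and $bc.PathLengthConstraint -eq 2)

# -eku 1.3.6.1.5.5.7.3.1 is the Server Authentication enhanced key usage
$eku = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$checks['EKU Server Authentication (-eku 1.3.6.1.5.5.7.3.1)'] =
    [bool]($eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }))

# Print one PASS/FAIL line per makecert option so a misconfigured Enterprise Certificate is caught
# before any Collector or Agent certificate is signed with it
$checks.GetEnumerator() | ForEach-Object {
    '{0} {1}' -f $(if ($_.Value) { 'PASS' } else { 'FAIL' }), $_.Key
}
```

Run it in an elevated Windows PowerShell session on the Enterprise machine; any FAIL line names the makecert option to revisit.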
TLS Implementation for VCM
MakeCert
TECHNICAL WHITE PAPER / 20