VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION Manual page 22

Example:
makecert -pe -n "CN=CM Collector Certificate BBBBBBBB-BBBB-BBBB-BBBB-
BBBBBBBBBBBB" -sky exchange -sv "CM Collector BBBBBBBB-BBBB-BBBB-BBBB-
BBBBBBBBBBBB.pvk" -b 04/07/2008 -e 04/07/2018 -len 1024 -in "CM Enterprise
Certificate AAAAAAAA-AAAA-AAAA-AAAAAAAAAAAAAAAA" -is Root -ir LocalMachine -cy
authority -eku 1.3.6.1.5.5.7.3.1 "CM Collector BBBBBBB-BBBB-BBBB-BBBB-
BBBBBBBBBBBB.pem"
2. Enter the following command to convert the x509 certificate file to a file-based certificate store in the named
.spc file.
cert2spc <collector_cert_name>.cer <collector_cert_name>.spc
Example:
cert2spc "Collector Certificate BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBBBBBB.cer"
"Collector Certificate BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBBBBBB.spc"
3. Enter the following command to export the file-based certificate store (containing our certificate) and the
private key in the key file to a PFX file.
pvkimprt -pfx <collector_cert_name>.spc <collector_cert_key_file>
This launches the Certificate Export Wizard. Select Yes, export the private key. Keep the .pfx format.
Uncheck all of the checkboxes. Optionally choose a password for secure transport of the file (recommended).
Example:
vkimprt -pfx "CM Collector Certificate BBBBBBBB-BBBB-BBBB-
BBBBBBBBBBBBBBBB.spc" "CM Collector Certificate BBBBBBBB-BBBB-BBBB-
BBBBBBBBBBBBBBBB.pvk"
4. Remove your temporary files, especially the key file.
5. Transport the .pfx file containing the new Collector Certificate, and the Enterprise Certificate export file to the
new Collector machine.
The Enterprise Certificate file is located in the CollectorData folder of the initial collector (typically C:\Program
Files\VMware\VCM\CollectorData) or you can export it from the local machine trusted root system store. The
export file has a .pem extension.
TLS Implementation for VCM
TECHNICAL WHITE PAPER / 22