Create New Ssl Certificates And Keys For Each Server - VMware ACE Management Server Administrator's Manual

ACE Management Server Administrator's Manual

Create New SSL Certificates and Keys for Each Server

If you do not want to use the same SSL certificate and key for each ACE Management Server, you must create
new SSL certificates and keys for each server.
If you plan to obtain SSL certificates from a certificate authority, you must create certificate chains. Figure
provides an overview of determining which certificates are included in a chain.
Figure 5-2. Creating the Certificate Chain File
certificate
verification
chain
Root SSL Certificate
Intermediary SSL Certificate
Server SSL
Certificates
ACE Management Server #1
SSL Certificate
To create new SSL certificates and keys for each server
1 Create as many SSL certificate and key pairs as you need (one for each server in your server farm).
The procedure varies, depending on the tools you use. To determine how to create these certificates and
keys, see the documentation for your platform. Each certificate must have a unique common name and a
unique serial number.
2 If your certificates require a certificate chain to be verified, create a certificate chain file for each certificate.
The certificate chain file is a text file that contains every certificate (in PEM format) needed to verify the
leaf certificate (including the root certificate of the chain).
a Download the verification chain from your certificate authority.
b Each certificate must be in PEM format before you create the certificate chain file.
To convert to PEM format, use the open SSL tools available online.
c Create the certificate chain file by concatenating each PEM‐encoded certificate into one file.

If both of your certificates are self‐signed, your certificate chain file must be a file that contains
both certificates concatenated.

If you received your certificates from the same certificate authority, the chain file must contain
only the verification chain for these certificates, and the chains must be the same.

If the certificates come from different certificate authorities, the chain file must contain both
certificate verification chains.
For example, if you are using two ACE Management Server instances you have two certificate chain files.
42
convert to PEM
then append to file
convert to PEM
then append to file
convert to PEM
then append to file
ACE Management Server #2
SSL Certificate
convert to PEM
then append to file
Certificate Chain File
[Root SSL Certificate in PEM format]
[Intermediary SSL Certificate in PEM format]
[AMS #1 SSL Certificate in PEM format]
[AMS #1 SSL Certificate in PEM format]
5‐2
VMware, Inc.