
TLS Implementation for VCM
TECHNICAL WHITE PAPER / 21
1. Use the following command to create the CM Enterprise Certificate:
makecert -pe -n "<enterprise_cert_name>" -ss Root -sr LocalMachine -r -sky exchange -sk "<enterprise_key_name>" -b mm/dd/yyyy -e mm/dd/yyyy -len 1024 -h 2 -cy authority -eku 1.3.6.1.5.5.7.3.1 <filename[.cer | .pem]>
2. Use the following command to create the first Collector Certificate, signed by the Enterprise Certificate.
makecert -pe -n "<collector_cert_name>" -ss My -sr LocalMachine -sky exchange -sk <collector_cert_name> -b mm/dd/yyyy -e mm/dd/yyyy -len 1024 -in <enterprise_cert_common_name> -is Root -ir LocalMachine -cy authority <collector_cert_name.[cer|pem]>
Note: If the Enterprise Certificate is not stored (with its private key) on the Collector, follow the steps for
additional Collector Certificates in Create Certificates for Additional Collectors on page 21.
Create Certificates for Additional Collectors
If additional Collectors are needed, a slightly different process is required to generate the additional Collector
Certificates, issued by the Enterprise Certificate. This process can be followed even if the original certificates were
generated by the VCM Installation Manager.
Use the following procedure to create an additional Collector Certificate, signed by the Enterprise Certificate. This
procedure must be executed on the Enterprise machine (probably the initial Collector), because access to the private
key for the Enterprise certificate is required.
The goal is to create an installable file that includes the new Collector's private key without storing that key in the key
store of the initial Collector/Enterprise machine. A better way to do this is to generate a key pair and certificate request
on the additional Collector machine, and transport only the request.
Refer to MakeCert Options on page 23 for a list of the options used below and their definitions.
1. Enter the following command:
makecert -pe -n "<collector_cert_name>" -sky exchange -sv "<collector_cert_key_file>" -b mm/dd/yyyy -e mm/dd/yyyy -len 1024 -in "<enterprise_cert_common_name>" -is Root -ir LocalMachine -cy authority -eku 1.3.6.1.5.5.7.3.1 "<collector_cert_name.[pem|cer]>"
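The request-based alternative described above (generate the key pair and certificate request on the additional Collector and transport only the request), shown as an added example that is not part of the white paper; it uses the Windows certreq and certutil tools rather than makecert. The subject name, folder, file names and the 2048-bit key length are assumptions of this example, and the signing step on the Enterprise machine is not shown because it depends on the tooling that holds the Enterprise key.

```powershell
# Added example, not from the white paper. Run on the ADDITIONAL Collector.
# Hypothetical values: subject name, working folder, file names.
$subject = 'CN=collector02.example.local'
$workDir = 'C:\vcm-csr'
New-Item -ItemType Directory -Path $workDir -Force | Out-Null

# certreq policy file. KeySpec and the EKU OID mirror -sky exchange and
# -eku 1.3.6.1.5.5.7.3.1 from the makecert command above.
$inf = @"
[Version]
Signature = "`$Windows NT`$"

[NewRequest]
Subject = "$subject"
KeySpec = 1
KeyLength = 2048
Exportable = FALSE
MachineKeySet = TRUE
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
"@
# KeyLength 2048 is an assumption of this example; the paper's commands use 1024.
# Exportable = FALSE keeps the private key bound to this machine's key store.

$infPath = Join-Path $workDir 'collector.inf'
$reqPath = Join-Path $workDir 'collector.req'
Set-Content -Path $infPath -Value $inf -Encoding Ascii

# Generate the key pair locally and write the PKCS#10 request.
certreq.exe -new $infPath $reqPath
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed ($LASTEXITCODE)" }

# Inspect the request before it leaves the machine: it carries the subject,
# public key and requested EKU, and no private key.
certutil.exe -dump $reqPath

# Only $reqPath is copied to the Enterprise machine for signing. When the
# issued certificate comes back (assumed file name), bind it to the pending key:
$cerPath = Join-Path $workDir 'collector.cer'
if (Test-Path $cerPath) {
    certreq.exe -accept $cerPath
    if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed ($LASTEXITCODE)" }
}
```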