VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION Bedienungsanleitung

Stöbern Sie online oder laden Sie Bedienungsanleitung nach Software VMware VCM 5.3 - TRANSPORT LAYER SECURITY IMPLEMENTATION herunter. vCenter Configuration Manager Transport Layer Security Benutzerhandbuch

  • Herunterladen
  • Zu meinen Handbüchern hinzufügen
  • Drucken

Inhaltsverzeichnis

Seite 1 - Implementation

vCenter Configuration ManagerTransport Layer SecurityImplementationVMware VCM 5.3WHITE PAPER

Seite 2 - Table of Contents

TLS Implementation for VCMTECHNICAL WHITE PAPER / 10The Collector CertificateThe Collector Certificate is issued by the Enterprise Certificate, and mu

Seite 3

TECHNICAL WHITE PAPER / 11lMust be usable for client authenticationlMust be issued by any Collector Certificate issued by the Enterprise Certificate,

Seite 4 - Introduction to TLS

TLS Implementation for VCMTECHNICAL WHITE PAPER / 12Creating and Installing Certificates for CollectorsCertificates can either be generated during VCM

Seite 5 - Expiration and Revocation

TLS Implementation for VCMTECHNICAL WHITE PAPER / 13Changing CertificatesCertificates always have an expiration date, after which they are no longer v

Seite 6 - Certificate Storage

TECHNICAL WHITE PAPER / 14After VCM installation, if you decide that you want to use different certificates than the ones that you either generatedor

Seite 7 - How VCM Uses Certificates

TLS Implementation for VCMTECHNICAL WHITE PAPER / 15Delivering Initial Certificates to AgentsVCM Agents use Enterprise Certificates to validate Collec

Seite 8

TLS Implementation for VCMTECHNICAL WHITE PAPER / 16Installing the Agent from a Disk (Windows only)The VCM installation image/DVD does not contain cus

Seite 9

TECHNICAL WHITE PAPER / 17UNIX/Linux or Mac OS XEach UNIX/Linux or Mac OS X installation package is targeted for one or more supported platforms. To i

Seite 10 - Agent Certificates

TLS Implementation for VCMTECHNICAL WHITE PAPER / 188. Select the certificate to be exported. Right-click, and then select All Tasks | Export.9. The C

Seite 11 - TLS Machine Security Level

TECHNICAL WHITE PAPER / 199. The File to Import dialog box appears. Select the file to import. Either format is acceptable: *.pfx or *.cer. The*.pem f

Seite 12 - TLS Implementation for VCM

TECHNICAL WHITE PAPER / 2Table of ContentsIntroduction to TLS 4Server Authentication 4Mutual Authentication 4Certificates and Public Key Infrastructur

Seite 13 - Changing Certificates

TLS Implementation for VCMTECHNICAL WHITE PAPER / 20Appendix A: Creating Certificates for TLS UsingMakecertVCM is designed to run in TLS mode with two

Seite 14

TLS Implementation for VCMTECHNICAL WHITE PAPER / 211. Use the following command to create the CM Enterprise Certificate:makecert -pe -n "<ent

Seite 15 - Upgrades

TECHNICAL WHITE PAPER / 22Example:makecert -pe -n "CN=CM Collector Certificate BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBBBBBB" -sky exchange -sv "

Seite 16 - UNIX/Linux or Mac OS X

TLS Implementation for VCMTECHNICAL WHITE PAPER / 23Import the Certificates on the Collector MachinesPerform the following procedure on the new Collec

Seite 17 - Certificate Transport

TECHNICAL WHITE PAPER / 24-h 2 Max height of certificate chains. A value of 2 for the Enterprise allowsit to sign a Collector certificate capable of s

Seite 18

TLS Implementation for VCMTECHNICAL WHITE PAPER / 25-pe Make the private key exportable.-r Self sign the certificate.-sk <collector_key_name>Nam

Seite 19

TLS Implementation for VCMTECHNICAL WHITE PAPER / 26Appendix B: Updating the Collector CertificateThumbprint in the VCM Collector Database1. Within MM

Seite 20 - Makecert

TLS Implementation for VCMTECHNICAL WHITE PAPER / 27Appendix C: Managing the VCM UNIX AgentCertificate StoreThe VCM UNIX Agent certificate store is a

Seite 21

TLS Implementation for VCMTECHNICAL WHITE PAPER / 28CSI_ManageCertificateStore Options[root@localhost tmp]# CSI_ManageCertificateStore -?Usage: /opt/C

Seite 22

TECHNICAL WHITE PAPER / 29-u Update certificate in the certificate storeCommon uses:Insert a new certificate into the certificate store:/opt/CMAgent/C

Seite 23 - MakeCert Options

TECHNICAL WHITE PAPER / 3Certificate Expiration 17Certificate Transport 17Exporting Certificates (Windows Only) 17Importing Certificates (Windows Only

Seite 24

TLS Implementation for VCMTECHNICAL WHITE PAPER / 30/opt/CMAgent/CFC/3.0/bin/CSI_ManageCertificateStore -e -g fingerprintExport existing certificates

Seite 25

TECHNICAL WHITE PAPER / 31Subject : O = CSI-SE, OU = VMware vCenter Configuration Manager, title = VCMCertificate 7529006C-222F-4EBF-A7E7-F6AB15DB626F

Seite 26

TLS Implementation for VCMTECHNICAL WHITE PAPER / 32Subject : O =VMware, Inc., OU = VMware vCenter Configuration Manager, title = VCMCertificate 75290

Seite 27 - Certificate Store

TECHNICAL WHITE PAPER / 33Subject : O = QAT, OU = VMware vCenter Configuration Manager, title = VCMCertificate 7529006C-222F-4EBF-A7E7-F6AB15DB626F, C

Seite 28

VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.comCopyright © 2010 VMware, Inc. All rights rese

Seite 29

TLS Implementation for VCMTECHNICAL WHITE PAPER / 4Introduction to TLSTransport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL),

Seite 30

TLS Implementation for VCMTECHNICAL WHITE PAPER / 5Certificates and Public Key InfrastructureA Public Key Infrastructure, or PKI, is a management syst

Seite 31

TLS Implementation for VCMTECHNICAL WHITE PAPER / 6Note VCM supports certificate expiration. However, it does not support revocation lists. Certificat

Seite 32

TECHNICAL WHITE PAPER / 7How VCM Uses CertificatesThere are three types of certificates that enable HTTP collector-agent communications in VCM:lEnterp

Seite 33

TLS Implementation for VCMTECHNICAL WHITE PAPER / 8Figure 2: Shared Collector-Agent RelationshipAs the diagram above illustrates, an Agent may communi

Seite 34

TECHNICAL WHITE PAPER / 9Figure 3: Trust Chain in a Shared Collector-Agent RelationshipIn addition, for Mutual Authentication in a shared Collector-Ag

Kommentare zu diesen Handbüchern

Keine Kommentare