VMware VCENTER APPLICATION DISCOVERY MANAGER 6.1.1 - RESPOSITORY Manuel d'utilisateur télécharger pdf (Page 31)

VMware, Inc. 31

Chapter 4 Securing ADM

To create a certificate

1TogeneratetheRivest,Shamir,andAdleman(RSA)keytype:

cd /etc/httpd/conf/ssl.prm/

openssl genrsa 2048 > server.key

chmod 400 server.key

TheopenSSLutilitycangenerateaDigitalSignatureAlgorithm(DSA)keybyusingthegendsaoption.

Forcompatibility,VMwarerecommendsRSAkeysbyusing2048‐bitsasthekeysize.

2 Createthecertificatebytyping:

openssl req -new -x509 -nodes -sha1 -days 365 -key server.key > server.crt

The-new,-x509,and-nodesargumentsarerequiredtocreateanunencryptedcertificate.The-days

argumentspecifiesthelengthoftimethecertificateisvalid.

Forencryptedcertificates,everytimeyouarerequiredtotypethepassworduntilthekeyisloaded.

YoucanaskquestionstocompleteX.509attributescertificate.Adjusttheanswerstoyourlocalsettings.If

frequentlytyped,youcanupdatethesystemopenssl.cnffile(inthe/usr/share/ssl/directory)withthe

correctdefaults.

Table 4‐1listsX.509attributesamplepromptsandanswers.

Forwebservices,thecommonnamefieldmustexactlymatchthehostname(orVIPname,forhosts

associated

withaloadbalancer)ofthesystemcertificateisusedon;otherwise,acertificatetohostnamemismatchcan

occur.Inpeer‐to‐peersetupsforAS2,thisfieldcanusuallybesettoadescriptivestring.

Thecertificatedataintheserver.crtfilemustbetransferredtoallclientsystems

thatneedtoverifythekey

oftheservertowhichitisconnected.Ifthismethoddoesnotscale,setupaCA,anddistributethesigning

certificatetotheclientsinsteadofeachself‐signedcertificate.Optionally,youcanextractthemetadata.

Copying the .key and .crt Files

Typethefollowingcommandstocopythe.keyand.crtfiles:

cp server.crt /etc/httpd/conf/ssl.crt

cp server.key /etc/httpd/conf/ssl.key

Tomakethecertificateeffective,restarttheApacheservicebytyping

adm_control.pl --restart apache

NOTEInmostcases,encryptedcertificatesarenotworththeoperationalburden,aseachprocessrestart

orsystemrestartrequiresyoutomanuallytypeapassword.

Table 4-1. X.509 Sample Prompts and Answers

Prompt Answer

Countryname(2lettercode)[AU]: US

Stateorprovincename(fullname)[Some‐State]: Massachusetts

Localityname(eg,city)[]: Boston

Organizationname(forexample,company)[InternetWidgitsPtyLtd]: YourCompanyOrg

Organizationalunitname(forexample,section)[]: ‐

Commonname(forexample,YOURname)[]: hostname.domain

E‐mailaddress[]: postmaster@yourcompany.org

1 2 ... 26 27 28 29 30 31 32 33 34 35 36 ... 63 64

Commentaires sur ces manuels

Pas de commentaire

VMware VCENTER APPLICATION DISCOVERY MANAGER 6.1.1 - RESPOSITORY Manuel d'utilisateur Page 31

Commentaires sur ces manuels

Produits connexes et manuels pour Logiciel de base de données VMware VCENTER APPLICATION DISCOVERY MANAGER 6.1.1 - RESPOSITORY