Configuring VM Manager Tool to accept trusted VM manager certificates

By default, the VM Manager Tool accepts all VM manager certificates regardless of whether they are trusted or not. You can change the default behavior to ensure that only trusted certificates are accepted by the VM Manager Tool.

Procedure

  1. Extract the VM manager certificate to a file.

    The following steps are provided as an example and show how to extract a VMware certificate in Firefox. The steps that you need to perform might differ depending on the virtualization type and the web browser that you are using. If you encounter problems with extracting VM manager certificates, refer to the documentation of the virtualization that you are using.

    1. Type the VM manager address in the web browser.
    2. Click the lock sign and click More Information.
      Viewing more information
    3. Open the Security tab and click View Certificate.
      Viewing certificate details
    4. Open the Details tab and click Export.
    5. Save the file in the DER format.
  2. Log in to the computer where the VM Manager Tool is installed and copy the VM manager certificate to that computer.
  3. To define the certificate as trusted, open the command-line interface and run the following command.
    • Linux vmman.sh -addcertificate -alias unique_alias -file vm_manager_certificate
    • Windows vmman.bat -addcertificate -alias unique_alias -file vm_manager_certificate
    Where:
    -alias
    Unique alias that will be associated with the VM manager certificate.
    -file
    Path to the VM manager certificate that you extracted.
    Important: Both switches are required.
  4. Change the VM Manager Tool settings to accept only trusted certificates.
    • If you are using the local or central VM Manager Tool, log in to License Metric Tool, and go to Management > Advanced Server Settings. Then, set the value of the vmmman_trust_all_vm_managers_certificates parameter to false.
    • If you are using the distributed or disconnected VM Manager Tool, open the vmmmainconf.properties file on the computer where the VM Manager Tool is installed. By default, the file is in the following location.
      • For distributed VM Manager Tool
        • Linux /var/opt/BESClient/LMT/VMMAN/config
        • Windows C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\VMMAN\config
      • For disconnected VM Manager Tool
        • Linux VM Manager Tool install dir/config
        • Windows VM Manager Tool install dir\config
      Then, change the value of the vmm_trust_all_vm_managers_certificates parameter to false.

Results

The VM Manager Tool accepts only trusted VM manager certificates. If a certificate of a VM manager that is defined in License Metric Tool is not trusted, the status of the VM manager changes to Connection failed.