By default, the VM Manager Tool accepts all VM manager certificates regardless of whether they are trusted or not.
You can change the default behavior to ensure that only trusted certificates are accepted by the
VM Manager Tool.
Procedure
- Extract the VM manager certificate to a file.
The
following steps are provided as an example and show how to extract
a VMware certificate in Firefox. The steps that you need to perform
might differ depending on the virtualization type and the web browser
that you are using. If you encounter problems with extracting VM manager
certificates, refer to the documentation of the virtualization that
you are using.
- Type the VM manager address in the web browser.
- Click the lock sign and click More Information.
- Open the Security tab and click View
Certificate.
- Open the Details tab and click Export.
-
Save the file in the DER format.
-
Log in to the computer where the VM Manager Tool is installed and copy the VM manager certificate to that computer.
-
To define the certificate as trusted, open the command-line interface and run the following
command.
-
vmman.sh -addcertificate -alias unique_alias -file
vm_manager_certificate
-
vmman.bat -addcertificate -alias unique_alias -file
vm_manager_certificate
Where:
-alias
- Unique alias that will be associated with the VM manager certificate.
-file
- Path to the VM manager certificate that you extracted.
Important: Both switches are required.
-
Change the VM Manager Tool
settings to accept only trusted certificates.
- If you are using the local or central VM Manager Tool, log in to License Metric Tool, and go to . Then, set the value of the
vmmman_trust_all_vm_managers_certificates parameter to
false.
- If you are using the distributed or disconnected VM Manager Tool, open the
vmmmainconf.properties file on the computer where the VM Manager Tool is installed. By default, the
file is in the following location.
- For distributed VM Manager Tool
-
/var/opt/BESClient/LMT/VMMAN/config
-
C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\VMMAN\config
- For disconnected VM Manager Tool
-
VM Manager Tool install dir/config
-
VM Manager Tool install dir\config
Then, change the value of the vmm_trust_all_vm_managers_certificates
parameter to false.
Results
The VM Manager Tool accepts
only trusted VM manager certificates. If a certificate of a VM manager that is defined in License Metric Tool is not trusted, the status of the VM
manager changes to Connection failed.