Users Guide

Broadcom OCM-VM-LPe-UG124-101
Emulex OneCommand Manager for VMware vCenter User Guide
Chapter 10: Generating and Installing Secured Certificates
OCMNG is a web application, based on a client-server model, that runs on the Apache Tomcat Web Server. Data is
exchanged between the client (browser) and the server (on a remote machine), which requires a secure user logon to
manage Emulex adapters on multiple different hosts.
10.1 SSL Certificate
A Secure Sockets Layer (SSL) certificate establishes an encrypted connection between the web server and the web browser
on a remote machine. This connection allows private information to be transmitted without eavesdropping, data tampering,
or message forgery.
An SSL certificate provides security through encryption and authentication. Encryption is ensured by accessing the remote
server using the HTTPS protocol and an SSL certificate.
NOTE: If OneCommand Manager for VMware vCenter is running, the server must be configured to support HTTPS
protocol access and provide a self-signed certificate.
The OneCommand Manager for VMware vCenter server is authenticated to the browser by a public key in the self-signed
certificate.
10.1.1 Generating an SSL Certificate
To allow secured communication between the client and the server, perform these steps:
1. Generate a self-signed certificate with a keystore file for each server, providing the server's domain name and company
details. See Section 10.1.2, Generating a Self-Signed Certificate, for instructions. For more information, refer to the
X.509 attributes list on the International Telecommunications Union website.
2. Use this certificate to create a request to the customer's trusted certificate authority (CA). The request certificate is
referred to as a Certificate Signing Request (CSR). The CA issues a new SSL certificate. See Section 10.2.1, Generating
a CSR for a Server Using the Java Tool, for instructions.
3. Import the new SSL certificate to the application server, and install the SSL certificate on the client's browser. See
Section 10.2.4.1, Installing the Certificates to the Keystore of OneCommand Manager for VMware vCenter, for
instructions.
4. Configure the server to use the keystore file. See Section 10.2.4.2, Configuring a Web Server, for instructions.
5. Access the server's content through the browser using the HTTPS protocol.
The browser recognizes the certificate and allows access to and from the remote server.
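Steps 1 and 2 above, sketched as an added example that is not taken from this guide: it uses openssl in place of the Java tool the guide's later sections use, creates a self-signed certificate and a CSR from the same key, and provides two checks (is the certificate self-signed, and does the CSR match the server's key). The host name, subject fields and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: openssl stands in for the Java keytool used by the guide.
# Subject fields, host name and file names below are constructed placeholders.
SUBJ="/C=US/O=Example Corp/CN=ocm.example.internal"

# Step 1: private key plus a self-signed certificate (issuer == subject).
make_self_signed() {  # $1 = key file, $2 = certificate file
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "$SUBJ" -keyout "$1" -out "$2" 2>/dev/null
}

# Step 2: CSR built from the same key, to be submitted to the trusted CA.
make_csr() {  # $1 = key file, $2 = CSR file
    openssl req -new -key "$1" -subj "$SUBJ" -out "$2" 2>/dev/null
}

# Returns 0 when the certificate is self-signed: issuer name equals subject
# name and the signature verifies with the certificate's own public key.
is_self_signed() {  # $1 = certificate file
    subj_hash=$(openssl x509 -in "$1" -noout -subject_hash) || return 1
    issuer_hash=$(openssl x509 -in "$1" -noout -issuer_hash) || return 1
    [ "$subj_hash" = "$issuer_hash" ] || return 1
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Returns 0 when the CSR carries the public half of the given private key,
# so the certificate the CA issues will fit the key already on the server.
csr_matches_key() {  # $1 = CSR file, $2 = key file
    csr_pub=$(openssl req -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Demo in a scratch directory.
work=$(mktemp -d)
make_self_signed "$work/server.key" "$work/server.crt"
make_csr "$work/server.key" "$work/server.csr"
is_self_signed "$work/server.crt" && echo "server.crt: self-signed"
csr_matches_key "$work/server.csr" "$work/server.key" && echo "server.csr: matches server.key"
rm -rf "$work"
```

Running is_self_signed against the certificate installed in step 3 shows whether the CA-issued certificate actually replaced the self-signed one.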
10.1.2 Generating a Self-Signed Certificate
A self-signed certificate is a certificate that is signed by itself (the server hosting OneCommand Manager for VMware
vCenter) rather than a trusted CA. This self-signed certificate includes a public or private key that is distributed by the SSL
to verify the identity of the server.
A self-signed certificate can also be used as an alternative to SSL certificates if the server is not running in a public domain.