2025-04-02 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article explains how the Certificate Authority in VMware vCenter works.
The VMware vSphere vCenter Server Appliance (VCSA for short) contains a series of Platform Services Controller services, and the VMware Certificate Authority (VMCA for short) is one of the indispensable members. The core authentication service of vCenter Server consists of the following three components:
1) VMCA, VMware Certificate Management Service
2) VMAFD, VMware Authentication Framework Daemon
3) VMDIR, VMware Directory Service
1. VMCA
VMCA provides certificate services for VMware products in a VMware environment. Its command-line tool is stored on vCenter Server, as shown below:
# /usr/lib/vmware-vmca/bin/certificate-manager
After running the above command, the following appears:
*** Welcome to the vSphere 6.7 Certificate Manager ***
-- Select Operation --
1. Replace Machine SSL certificate with Custom Certificate
2. Replace VMCA Root certificate with Custom Signing Certificate and replace all Certificates
3. Replace Machine SSL certificate with VMCA Certificate
4. Regenerate a new VMCA Root Certificate and replace all certificates
5. Replace Solution user certificates with Custom Certificate
6. Replace Solution user certificates with VMCA certificates
7. Revert last performed operation by re-publishing old certificates
8. Reset all Certificates
Note: Use Ctrl-D to exit.
VMCA issues certificates for the following users:
1) System users: SAML certificates, used to verify identity and stored in VECS (VMware Endpoint Certificate Store). Generally speaking, the certificate is valid for 2592000 seconds, that is, 30 days.
2) ESXi hosts: SSL certificates, used to encrypt communication and stored on the host's local disk.
3) Servers running related services: SSL certificates, used to encrypt communication and stored in VECS.
That is, VMCA only issues certificates to clients within the same domain that want to log on using SSO (single sign-on). VMware products use standard X.509 version 3 (X.509v3) certificates to hold session certificates. These certificates are also sent over an SSL-encrypted network connection.
On November 5, 2019, Kou Xuexu, a teacher at ICW, VMware Beijing Company in Beijing, with four other people, said that the login ports of both vCenter Server login clients seem to be 443, but in fact one is 5443 and the other is 9443. I didn't believe it, so I logged in to vCenter Server and saw the following result:
# netstat -nlp | grep 443
tcp        0      0 0.0.0.0:443      0.0.0.0:*      LISTEN      2196/rhttpproxy
tcp        0      0 0.0.0.0:…        0.0.0.0:*      LISTEN      2396/vsphere-ui.lau
tcp6       0      0 :::443           :::*           LISTEN      2196/rhttpproxy
In the above results, rhttpproxy is the process responsible for displaying the web page. vsphere-client is the old Adobe Flex-based client, which is about to be retired, and vsphere-ui.lau is the new client based on HTML5.
2. VMAFD
/usr/lib/vmware-vmafd/bin/dir-cli, certool, and vecs-cli
3. VMDIR
It provides a directory service (Active Directory).
Certificate-related commands
Windows
C:\Program Files\VMware\vCenter Server\vmafdd\vecs-cli.exe
C:\Program Files\VMware\vCenter Server\vmafdd\dir-cli.exe
C:\Program Files\VMware\vCenter Server\vmcad\certool.exe
C:\Program Files\VMware\vCenter Server\VMware Identity Services\sso-config
VCENTER_INSTALL_PATH\bin\service-control
Linux
/usr/lib/vmware-vmafd/bin/vecs-cli
# /usr/lib/vmware-vmafd/bin/vecs-cli store list
This gives the following results:
MACHINE_SSL_CERT
TRUSTED_ROOTS
TRUSTED_ROOT_CRLS
machine
vsphere-webclient
vpxd
vpxd-extension
APPLMGMT_PASSWORD
data-encipherment
SMS
# /usr/lib/vmware-vmafd/bin/vecs-cli entry list --store vpxd
/usr/lib/vmware-vmafd/bin/dir-cli
/usr/lib/vmware-vmca/bin/certool
/opt/vmware/bin
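A certificate-expiry check over the VECS stores that vecs-cli store list returns, as an added example (not part of the original article and not VMware code). It assumes that vecs-cli entry list --store <name> --text prints an "Alias :" line followed by an OpenSSL-style dump containing a "Not After :" line; the sample output, its dates and the 30-day warning window are constructed for illustration.

```python
import re
import subprocess
from datetime import datetime, timedelta, timezone

VECS_CLI = "/usr/lib/vmware-vmafd/bin/vecs-cli"  # path given in the article

# Constructed sample of `vecs-cli entry list --store vpxd --text` output. Assumed
# layout: an "Alias :" line followed by an OpenSSL-style text dump of the cert.
SAMPLE = """\
Alias :\tvpxd
Certificate:
        Validity
            Not After : Apr  1 08:00:00 2025 GMT
Alias :\told-vpxd
Certificate:
        Validity
            Not After : Jan  4 12:30:00 2022 GMT
"""

def parse_entries(text):
    """Return [(alias, not_after_utc)] for each certificate entry."""
    entries, alias = [], None
    for line in text.splitlines():
        a = re.match(r"\s*Alias\s*:\s*(\S+)", line)
        n = re.match(r"\s*Not After\s*:\s*(.+?)\s+GMT\s*$", line)
        if a:
            alias = a.group(1)
        elif n and alias:
            stamp = " ".join(n.group(1).split())  # collapse "Apr  1" padding
            when = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
            entries.append((alias, when.replace(tzinfo=timezone.utc)))
            alias = None  # keep only the first certificate listed per alias
    return entries

def classify(entries, now, warn_days=30):
    """Map alias -> EXPIRED, EXPIRING (within warn_days) or OK."""
    soon = now + timedelta(days=warn_days)
    return {alias: "EXPIRED" if end <= now else "EXPIRING" if end <= soon else "OK"
            for alias, end in entries}

def audit_live(now=None):
    """On the appliance: audit every VECS store except the CRL store."""
    run = lambda *a: subprocess.check_output([VECS_CLI, *a], universal_newlines=True)
    now = now or datetime.now(timezone.utc)
    return {s: classify(parse_entries(run("entry", "list", "--store", s, "--text")), now)
            for s in run("store", "list").split() if s != "TRUSTED_ROOT_CRLS"}

if __name__ == "__main__":
    print(classify(parse_entries(SAMPLE), datetime(2025, 3, 15, tzinfo=timezone.utc)))
```

On a vCenter Server Appliance, audit_live() returns one dictionary per store, so an expired or soon-to-expire alias can be spotted before services that depend on it fail.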
This is how the Certificate Authority in VMware vCenter works. It covers some points that you may see or use in your daily work.