Configuring VM Manager tool to accept trusted VM manager certificates

By default, the VM Manager tool accepts all VM manager certificates regardless of whether they are trusted or not. You can change the default behavior to ensure that only trusted certificates are accepted by the VM Manager tool.

Procedure

  1. Extract the VM manager certificate to a file.

    The following steps are provided as an example and show how to extract a VMware certificate in Firefox. The steps that you need to perform might differ depending on the virtualization type and the web browser that you are using. If you encounter problems with extracting VM manager certificates, refer to the documentation of the virtualization that you are using.

    1. Type the VM manager address in the web browser.
    2. Click the lock sign and click More Information.

      Viewing more information
    3. Open the Security tab and click View Certificate.

      Viewing certificate details
    4. Open the Details tab and click Export.
    5. Save the file in the DER format.
  2. Log in to the computer where the VM Manager tool is installed and copy the VM manager certificate to that computer.
  3. To define the certificate as trusted, open the command-line interface and run the following command.
    vmman.bat -addcertificate -alias unique_alias -file vm_manager_certificate
    Where:
    -alias
    Unique alias that will be associated with the VM manager certificate.
    -file
    Path to the VM manager certificate that you extracted.
    Important: Both switches are required.
  4. Change the VM Manager tool settings to accept only trusted certificates.
    • If you are using basic VM management, log in to BigFix Inventory and go to Management > Advanced Server Settings. Then, set the value of the vmmman_trust_all_vm_managers_certificates parameter to false.
    • If you are using advanced VM management, open the <BES Client>\LMT\VMMAN\config\vmmmainconf.properties file on the computer where the VM Manager tool is installed. Then, change the value of the vmm_trust_all_vm_managers_certificates parameter to false.

Results

The VM Manager tool accepts only trusted VM manager certificates. If a certificate of a VM manager that is defined in BigFix Inventory is not trusted, the status of the VM manager changes to Connection failed.