How the Certificate Authority in VMware vCenter Works

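The VMware vSphere vCenter Server Appliance (VCSA) includes a family of services known as the Platform Services Controller. The VMware Certificate Authority (VMCA) is an indispensable member of that family. The core identity and authentication services of vCenter Server consist of the following three components:

1) VMCA, the VMware certificate management service server

2) VMAFD, the VMware Authentication Framework Daemon tool

3) VMDIR, the VMware Directory Service, which provides the directory service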

I. VMCA

VMCA provides digital certificate services to the VMware products in a VMware environment. Its command-line tool is stored on the vCenter Server, as shown below:

#/usr/lib/vmware-vmca/certificate-manager 

// After running the command above, the following menu is displayed:
		 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ 
		|                                                                     |
		|      *** Welcome to the vSphere 6.7 Certificate Manager  ***        |
		|                                                                     |
		|                   -- Select Operation --                            |
		|                                                                     |
		|      1. Replace Machine SSL certificate with Custom Certificate     |
		|                                                                     |
		|      2. Replace VMCA Root certificate with Custom Signing           |
		|         Certificate and replace all Certificates                    |
		|                                                                     |
		|      3. Replace Machine SSL certificate with VMCA Certificate       |
		|                                                                     |
		|      4. Regenerate a new VMCA Root Certificate and                  |
		|         replace all certificates                                    |
		|                                                                     |
		|      5. Replace Solution user certificates with                     |
		|         Custom Certificate                                          |
		|                                                                     |
		|      6. Replace Solution user certificates with VMCA certificates   |
		|                                                                     |
		|      7. Revert last performed operation by re-publishing old        |
		|         certificates                                                |
		|                                                                     |
		|      8. Reset all Certificates                                      |
		|_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _|
Note : Use Ctrl-D to exit.

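VMCA issues certificates to the following users:

1) System users

2) ESXi host products

3) Servers that run related services

In other words, certificates are issued only to clients that are in the same domain and want to log in using SSO (single sign-on).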

II. VMAFD

/usr/lib/vmware-vmadir-cli, certool, and vecs-cl

III. VMDIR

dir-cli, certool, and vecs-cl
