Posts Tagged ‘certificate’

A Little Known Security Feature in vCenter: Certificate Based Authentication

May 18th, 2015 No comments

Although we are all familiar with the username and password based login to the VMware vSphere, it’s also possible to login into vSphere with just certificates. If you are a third party vendor, either IHV (independent hardware vendor) or ISV (independent software vendor), the certificate based login is actually a better and preferred alternative to the one using username and password.

Let me explain why it’s the case, and how it can be done painlessly.

Setting Security Certificate: What VMware Did Not Tell You

March 20th, 2014 No comments

In my last article, I discussed on the format requirement for Java APIs and how I found out the root cause and its solution. Even more mysterious is the format requirement of VMware vCenter as I discovered in another VMware related project, in which I needed to register an extension with vCenter and set up its certificate.

Categories: vSphere API Tags: , , ,

Reading X.509 Certificate in Java: How to Handle Format Issue

March 16th, 2014 12 comments

I got into a very interesting problem while writing code to read a X.509 certificate. It’s a standard PEM encoded certificate (shown below) as you would find anywhere else.

-----BEGIN CERTIFICATE-----IBAgIJAKMIIDRTCCAi2gAwlwrFcAdHQtMA0GCSqGSIb3DQEBBQUAMCAxHjAcBgNVBAMTFWxvY2FsaG9zdC5sb2NhbGRvbWFpbjAeFw0xNDAyMjExMzM4NTBaFw0yNDAyMTkxMzM4NTBaMCAxHjAcBgNVBAMTFWxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPFUHIMCZdvngHxBhSPf2LezpXTzQ7cOsfv2G0xVBJjkYKfffLxKmm0S3/ZEeGoXz1x/kQUoohYMf4ormOZwO+XL/9aVvj569t8siykGa0u15vAl2JASbHdGtzccD7V/3sz9rW5lLGq+ZsdU4n9r0opwSwlr6dSkWmv2OC8joSxwGWVbZREWi5j0vf/F76WjTSNHIruJpeST476UFBVrh633cwRoJoyDkuvM2lpze1WGBLKqk/kmGcnpBsjdDLGDKHgxlou3BstBjuq6nYaFAV1zHCc9SyM0KmZs8UJ5TX/3vnpxCyCMbcz9mGYU8Z+6eKVLG3xT7iWQsf1JZZMVwPUCAwEAAaOBgTB/MB0GA1UdDgQWBBRQc0tKrMgUvO6ne29Yfvp7U/28iDBQBgNVHSMESTBHgBRQc0tKrMgUvO6ne29Yfvp7U/28iKEkpCIwIDEeMBwGA1UEAxMVbG9jYWxob3N0LmxvY2FsZG9tYWluggkAqXCsVwB0dC0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAVn+5vniECIvs4IdW+Ix556daxP7mu7Xu1AoUxtMCXkwGovkuQvguabd+WAV2nQKVEdCC9b61mGQAueCHWaONGV2ZkMIHh5uoheiX8QAkbxjYijXlqS7bPbFW9faF8icrXg1rKuRTW/rt7WVL7FER/88zU65b5HCzyXfRrb48E4xBBpSc/QE/zgtHWqxeFG/+FJvJBRlXtxDZRWbLCy0HhZf0SvcPoQ1JqHI0lJC43RQzXrfo9GGVS34wb7Pi+6lYHVnh71zfypXXDrfzKzEJM+zwri6KX+BpSMV9pMqgqeew+Bp95+uKYTY4bnOixW/3X80t+2zMnJqPJ62UhHuKzw==-----END CERTIFICATE-----

The exception is as follows. It’s pretty clear, but also confusing because the certificate string has included both BEGIN and END. It seems to me very complete. Of course, the program does not lie and we have to trust it most of the time unless there is a bug.

Categories: Uncategorized Tags: , , ,

Three Ways to Get Certificate and Thumbprint from ESXi

January 2nd, 2014 1 comment

Happy New Year 2014!

When adding a new ESXi host to vCenter server via vSphere API, you can supply the certificate thumbprint of the ESXi server expected to have. Before calling the vSphere API, you can get the thumbprint directly or indirectly from the ESXi server to be added. Here are three different ways to do that. The first two approaches retrieve SSL certificate with which you can generate thumbprint.

Categories: Uncategorized Tags: ,