Tag Archives: certificate

A Little Known Security Feature in vCenter: Certificate Based Authentication

Although we are all familiar with the username and password based login to the VMware vSphere, it’s also possible to login into vSphere with just certificates. If you are a third party vendor, either IHV (independent hardware vendor) or ISV (independent software vendor), the certificate based login is actually a better and preferred alternative to the one using username and password.

Let me explain why it’s the case, and how it can be done painlessly.

Posted in vSphere API | Also tagged , , | Leave a comment

Setting Security Certificate: What VMware Did Not Tell You

In my last article, I discussed on the format requirement for Java APIs and how I found out the root cause and its solution. Even more mysterious is the format requirement of VMware vCenter as I discovered in another VMware related project, in which I needed to register an extension with vCenter and set up its certificate.

Posted in vSphere API | Also tagged , , | Leave a comment

Reading X.509 Certificate in Java: How to Handle Format Issue

I got into a very interesting problem while writing code to read a X.509 certificate. It’s a standard PEM encoded certificate (shown below) as you would find anywhere else.

-----BEGIN CERTIFICATE-----IBAgIJAKMIIDRTCCAi2gAwlwrFcAdHQtMA0GCSqGSIb3DQEBBQUAMCAxHjAcBgNVBAMTFWxvY2FsaG9zdC5sb2NhbGRvbWFpbjAeFw0xNDAyMjExMzM4NTBaFw0yNDAyMTkxMzM4NTBaMCAxHjAcBgNVBAMTFWxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPFUHIMCZdvngHxBhSPf2LezpXTzQ7cOsfv2G0xVBJjkYKfffLxKmm0S3/ZEeGoXz1x/kQUoohYMf4ormOZwO+XL/9aVvj569t8siykGa0u15vAl2JASbHdGtzccD7V/3sz9rW5lLGq+ZsdU4n9r0opwSwlr6dSkWmv2OC8joSxwGWVbZREWi5j0vf/F76WjTSNHIruJpeST476UFBVrh633cwRoJoyDkuvM2lpze1WGBLKqk/kmGcnpBsjdDLGDKHgxlou3BstBjuq6nYaFAV1zHCc9SyM0KmZs8UJ5TX/3vnpxCyCMbcz9mGYU8Z+6eKVLG3xT7iWQsf1JZZMVwPUCAwEAAaOBgTB/MB0GA1UdDgQWBBRQc0tKrMgUvO6ne29Yfvp7U/28iDBQBgNVHSMESTBHgBRQc0tKrMgUvO6ne29Yfvp7U/28iKEkpCIwIDEeMBwGA1UEAxMVbG9jYWxob3N0LmxvY2FsZG9tYWluggkAqXCsVwB0dC0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAVn+5vniECIvs4IdW+Ix556daxP7mu7Xu1AoUxtMCXkwGovkuQvguabd+WAV2nQKVEdCC9b61mGQAueCHWaONGV2ZkMIHh5uoheiX8QAkbxjYijXlqS7bPbFW9faF8icrXg1rKuRTW/rt7WVL7FER/88zU65b5HCzyXfRrb48E4xBBpSc/QE/zgtHWqxeFG/+FJvJBRlXtxDZRWbLCy0HhZf0SvcPoQ1JqHI0lJC43RQzXrfo9GGVS34wb7Pi+6lYHVnh71zfypXXDrfzKzEJM+zwri6KX+BpSMV9pMqgqeew+Bp95+uKYTY4bnOixW/3X80t+2zMnJqPJ62UhHuKzw==-----END CERTIFICATE-----

The exception is as follows. It’s pretty clear, but also confusing because the certificate string has included both BEGIN and END. It seems to me very complete. Of course, the program does not lie and we have to trust it most of the time unless there is a bug.

Posted in Uncategorized | Also tagged , , | 12 Responses

Three Ways to Get Certificate and Thumbprint from ESXi

Happy New Year 2014!

When adding a new ESXi host to vCenter server via vSphere API, you can supply the certificate thumbprint of the ESXi server expected to have. Before calling the vSphere API, you can get the thumbprint directly or indirectly from the ESXi server to be added. Here are three different ways to do that. The first two approaches retrieve SSL certificate with which you can generate thumbprint.

Posted in Uncategorized | Also tagged | 2 Responses

    My company has created products like vSearch ("Super vCenter"), vijavaNG APIs, EAM APIs, ICE tool. We also help clients with virtualization and cloud computing on customized development, training. Should you, or someone you know, need these products and services, please feel free to contact me: steve __AT__ doublecloud.org.

    Me: Steve Jin, VMware vExpert who authored the VMware VI and vSphere SDK by Prentice Hall, and created the de factor open source vSphere Java API while working at VMware engineering. Companies like Cisco, EMC, NetApp, HP, Dell, VMware, are among the users of the API and other tools I developed for their products, internal IT orchestration, and test automation.