vCenter – SSL Automation Tool
ESXi Host – OpenSSL
SRM – OpenSSL
vBrownbag – Michael Russell
@kerryspring2
kerryspring2@eircom.net
Resources #1
• #vBrownBag US View SSL Certs with Shane Williford
  http://professionalvmware.com/2012/12/vbrownbag-us-view-ssl-certs-with-shane-williford-coolsportoo/
• #vBrownBag Follow-up How I learned to love the CSR with Jim Millard
  http://professionalvmware.com/2013/05/vbrownbag-follow-up-how-i-learned-to-love-the-csr-with-jim-millard-millardjk/
• vSphere 5.1 Hardening Guide - Official Release
  http://communities.vmware.com/docs/DOC-22981
• Windows OpenSSL distribution (ver 0.9.8)
  http://slproweb.com/products/Win32OpenSSL.html
• How to use trusted certificates with VMware vCenter Site Recovery Manager
  http://communities.vmware.com/docs/DOC-11411
Resources #2
• vCenter Certificate Automation Tool Download
  https://my.vmware.com/group/vmware/get-download?downloadGroup=SSL-TOOL-101
• Generating certificates for use with the VMware SSL Certificate Automation Tool
  http://kb.vmware.com/kb/2044696
• Deploying and using the SSL Certificate Automation Tool (& Known Issues)
  http://kb.vmware.com/kb/2041600
• Process for Replacing SSL Certificates - vSphere 5 (7 Parts) - Julian Wood
  http://www.wooditwork.com/2011/11/30/vsphere-5-certificates-1-installing-a-root-certificate-authority-3/
• vCenter 5.1 U1 installation including SSL replacement (15 Parts) - Derek Seaman
  http://www.derekseaman.com/2012/09/vmware-vcenter-51-installation-part-1.html
SSL Automation Tool Notes
• Microsoft Certificate Server SHA-1 vs SHA2-256
• Duplicate Template – Windows Server 2003 Enterprise
• Windows Server 2003 CA Server must be Enterprise Edition
• Deploy Root Certificate to Servers with vCenter components
• Generate chain.pem files from root64.cer & rui.crt
• Add Extensions: Allow Encryption of User Data (vCenter/ESXi) / Client Authentication (SRM)
• OpenSSL v 0.9.8 – Copy OpenSSL DLLs to binaries (/bin) dir
• Certificate Tool vs vSphere Upgrades: http://kb.vmware.com/kb/2048202
• SSO user is admin@system-domain
• vCenter Database Password = ?
• Update Manager installation – Register FQDN, not IP Address
ESXi Hosts – SSL Notes
• ESXi Host HA Issues: http://kb.vmware.com/kb/2006210
  perl HostReconnect.pl --server <ip address> --username administrator@lab.local
• vMA permit WinSCP: http://communities.vmware.com/message/2020784
  sudo vi /etc/hosts.allow
  add the following line:
  sshd: ALL: ALLOW
  then save the file with :wq!
• OpenSSL command to generate CSR:
  openssl req -new -nodes -out rui.csr -keyout rui.key -config openssl.cfg
• Drop rui.crt & rui.key into /etc/vmware/ssl
ESXi Hosts – OpenSSL.cfg
• default_bits = 2048 (Change from 1024)
• default_keyfile = rui.key (Change from privkey.pem)
• req_extensions = v3_req (Remove # at start of line)
• countryName_default = IE (Update to your Country Code)
• stateOrProvinceName_default = Leinster (Update)
• localityName_default = Dublin (Add & Update)
• 0.organizationName_default = Lab (Update to your Company Name)
• organizationalUnitName_default = IT (Update & Remove # at start of line)
• [ v3_req ]
  subjectAltName = @alt_names (Add this under the "keyUsage =" line)
• [ alt_names ]
  DNS.1 = iedubdc2esx01.lab.local (Use FQDN here)
  DNS.2 = iedubdc2esx01 (Use Shorter Netbios Name here)
SRM – OpenSSL.cfg
• OpenSSL Command to export certificate file for SRM:
  openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui -passout pass:testpassword -out rui.p12
• OpenSSL.cfg changes:
• [ v3_req ]
  extendedKeyUsage = serverAuth, clientAuth (Add under the "keyUsage =" entry)
• [ alt_names ]
  DNS.1 = iedubdc2vc01.lab.local (Use FQDN of SRM Server here)
  DNS.2 = iedubdc2esx01 (Delete this line)
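Added example, not part of the original slides: a shell script that writes an openssl.cfg with the edits listed on the ESXi and SRM slides, runs the slides' `openssl req` command, and checks the resulting CSR (2048-bit key, FQDN in the SAN, clientAuth for SRM) before it is sent to the CA. The function names, the `-batch` flag and the `commonName_default` line are assumptions added so the script runs unattended.

```bash
#!/bin/sh
# Added example (not from the slides). Function names are hypothetical.
set -e

# Print an openssl.cfg carrying the slides' edits. role: esxi | srm
write_cfg() (
  role=$1; fqdn=$2; short=$3
  cat <<EOF
[ req ]
default_bits       = 2048
default_keyfile    = rui.key
distinguished_name = req_distinguished_name
req_extensions     = v3_req

[ req_distinguished_name ]
countryName                    = Country Name (2 letter code)
countryName_default            = IE
stateOrProvinceName            = State or Province Name
stateOrProvinceName_default    = Leinster
localityName                   = Locality Name
localityName_default           = Dublin
0.organizationName             = Organization Name
0.organizationName_default     = Lab
organizationalUnitName         = Organizational Unit Name
organizationalUnitName_default = IT
commonName                     = Common Name
# Assumption: the slides show no commonName default; -batch needs one.
commonName_default             = $fqdn

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
EOF
  # SRM slide: add extendedKeyUsage under the keyUsage line.
  if [ "$role" = srm ]; then
    printf 'extendedKeyUsage = serverAuth, clientAuth\n'
  fi
  printf 'subjectAltName = @alt_names\n\n[ alt_names ]\nDNS.1 = %s\n' "$fqdn"
  # SRM slide deletes DNS.2; the ESXi slide keeps the short name there.
  if [ "$role" != srm ]; then
    printf 'DNS.2 = %s\n' "$short"
  fi
)

# Generate rui.key and rui.csr in DIR with the command from the slides.
make_csr() (
  role=$1; fqdn=$2; short=$3; dir=$4
  umask 077                    # -nodes writes rui.key unencrypted
  mkdir -p "$dir" || exit 1
  cd "$dir" || exit 1
  write_cfg "$role" "$fqdn" "$short" > openssl.cfg || exit 1
  openssl req -new -nodes -batch -out rui.csr -keyout rui.key \
    -config openssl.cfg 2>/dev/null || exit 1
)

# Inspect a CSR; print "ok" or the first problem found (non-zero status).
check_csr() (
  role=$1; fqdn=$2; csr=$3
  text=$(openssl req -in "$csr" -noout -text) || exit 1
  printf '%s\n' "$text" | grep -qF '(2048 bit)' \
    || { echo "key is not 2048-bit"; exit 1; }
  printf '%s\n' "$text" | grep -qF "DNS:$fqdn" \
    || { echo "FQDN missing from subjectAltName"; exit 1; }
  if [ "$role" = srm ]; then
    printf '%s\n' "$text" | grep -qF 'TLS Web Client Authentication' \
      || { echo "clientAuth missing from extendedKeyUsage"; exit 1; }
  fi
  echo ok
)

# Demo with the host names used on the slides.
work=$(mktemp -d)
make_csr esxi iedubdc2esx01.lab.local iedubdc2esx01 "$work/esxi"
echo "ESXi CSR: $(check_csr esxi iedubdc2esx01.lab.local "$work/esxi/rui.csr")"
make_csr srm iedubdc2vc01.lab.local "" "$work/srm"
echo "SRM CSR:  $(check_csr srm iedubdc2vc01.lab.local "$work/srm/rui.csr")"
rm -rf "$work"
```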

More Related Content

What's hot

Oracle obiee-11-installation-guide 11.1.1.6.0
Oracle obiee-11-installation-guide 11.1.1.6.0Oracle obiee-11-installation-guide 11.1.1.6.0
Oracle obiee-11-installation-guide 11.1.1.6.0Aadiseshu Immadisetty
 
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeSetting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeDhruv Sharma
 
Webmin configuration in Linux
Webmin configuration in LinuxWebmin configuration in Linux
Webmin configuration in LinuxThamizharasan P
 
Guidlines sitecore9 installation
Guidlines sitecore9 installationGuidlines sitecore9 installation
Guidlines sitecore9 installationPRADEEP GUPTA
 
WebSockets On Fire
WebSockets On FireWebSockets On Fire
WebSockets On FireJef Claes
 
WordPress security for everyone
WordPress security for everyoneWordPress security for everyone
WordPress security for everyoneVladimír Smitka
 
How HTTP/2 will change the web as we know it
How HTTP/2 will change the web as we know itHow HTTP/2 will change the web as we know it
How HTTP/2 will change the web as we know itNils De Moor
 
Top 12 php frameworks 2016
Top 12 php frameworks 2016Top 12 php frameworks 2016
Top 12 php frameworks 2016ValueCoders
 
Mike MacCana - Deploying your JS app in 2018
Mike MacCana - Deploying your JS app in 2018 Mike MacCana - Deploying your JS app in 2018
Mike MacCana - Deploying your JS app in 2018 OdessaJS Conf
 
Clouldera Implementation Guide for Production Deployments
Clouldera Implementation Guide for Production DeploymentsClouldera Implementation Guide for Production Deployments
Clouldera Implementation Guide for Production DeploymentsAhmed Mekawy
 
Make WordPress Fly With Virtual Server Hosting - WordCamp Sydney 2014
Make WordPress Fly With Virtual Server Hosting  - WordCamp Sydney 2014Make WordPress Fly With Virtual Server Hosting  - WordCamp Sydney 2014
Make WordPress Fly With Virtual Server Hosting - WordCamp Sydney 2014Vlad Lasky
 
Enhancing Mobile User Experience with WebSocket
Enhancing Mobile User Experience with WebSocketEnhancing Mobile User Experience with WebSocket
Enhancing Mobile User Experience with WebSocketMauricio "Maltron" Leal
 
SOA with C, C++, PHP and more
SOA with C, C++, PHP and moreSOA with C, C++, PHP and more
SOA with C, C++, PHP and moreWSO2
 
Percona University - ProxySQL para MySQL
Percona University - ProxySQL para MySQLPercona University - ProxySQL para MySQL
Percona University - ProxySQL para MySQLMarcelo Altmann
 
Mobile Activesync Russian Roulette - Kiwicon 09
Mobile Activesync Russian Roulette - Kiwicon 09Mobile Activesync Russian Roulette - Kiwicon 09
Mobile Activesync Russian Roulette - Kiwicon 09deathflu
 
DB Floripa - ProxySQL para MySQL
DB Floripa - ProxySQL para MySQLDB Floripa - ProxySQL para MySQL
DB Floripa - ProxySQL para MySQLMarcelo Altmann
 
WebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java DevelopersWebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java DevelopersViktor Gamov
 

What's hot (20)

Oracle obiee-11-installation-guide 11.1.1.6.0
Oracle obiee-11-installation-guide 11.1.1.6.0Oracle obiee-11-installation-guide 11.1.1.6.0
Oracle obiee-11-installation-guide 11.1.1.6.0
 
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit ModeSetting up Cisco WSA Proxy in Transparent and Explicit Mode
Setting up Cisco WSA Proxy in Transparent and Explicit Mode
 
Webmin configuration in Linux
Webmin configuration in LinuxWebmin configuration in Linux
Webmin configuration in Linux
 
Docker
DockerDocker
Docker
 
Guidlines sitecore9 installation
Guidlines sitecore9 installationGuidlines sitecore9 installation
Guidlines sitecore9 installation
 
WebSockets On Fire
WebSockets On FireWebSockets On Fire
WebSockets On Fire
 
WordPress security for everyone
WordPress security for everyoneWordPress security for everyone
WordPress security for everyone
 
How HTTP/2 will change the web as we know it
How HTTP/2 will change the web as we know itHow HTTP/2 will change the web as we know it
How HTTP/2 will change the web as we know it
 
Squid
SquidSquid
Squid
 
Top 12 php frameworks 2016
Top 12 php frameworks 2016Top 12 php frameworks 2016
Top 12 php frameworks 2016
 
Mike MacCana - Deploying your JS app in 2018
Mike MacCana - Deploying your JS app in 2018 Mike MacCana - Deploying your JS app in 2018
Mike MacCana - Deploying your JS app in 2018
 
Clouldera Implementation Guide for Production Deployments
Clouldera Implementation Guide for Production DeploymentsClouldera Implementation Guide for Production Deployments
Clouldera Implementation Guide for Production Deployments
 
Make WordPress Fly With Virtual Server Hosting - WordCamp Sydney 2014
Make WordPress Fly With Virtual Server Hosting  - WordCamp Sydney 2014Make WordPress Fly With Virtual Server Hosting  - WordCamp Sydney 2014
Make WordPress Fly With Virtual Server Hosting - WordCamp Sydney 2014
 
Enhancing Mobile User Experience with WebSocket
Enhancing Mobile User Experience with WebSocketEnhancing Mobile User Experience with WebSocket
Enhancing Mobile User Experience with WebSocket
 
SOA with C, C++, PHP and more
SOA with C, C++, PHP and moreSOA with C, C++, PHP and more
SOA with C, C++, PHP and more
 
Percona University - ProxySQL para MySQL
Percona University - ProxySQL para MySQLPercona University - ProxySQL para MySQL
Percona University - ProxySQL para MySQL
 
Mobile Activesync Russian Roulette - Kiwicon 09
Mobile Activesync Russian Roulette - Kiwicon 09Mobile Activesync Russian Roulette - Kiwicon 09
Mobile Activesync Russian Roulette - Kiwicon 09
 
DB Floripa - ProxySQL para MySQL
DB Floripa - ProxySQL para MySQLDB Floripa - ProxySQL para MySQL
DB Floripa - ProxySQL para MySQL
 
EvasionTechniques
EvasionTechniquesEvasionTechniques
EvasionTechniques
 
WebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java DevelopersWebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
 

Viewers also liked

Photography best work december
Photography best work decemberPhotography best work december
Photography best work decemberjojoycexxx
 
Media development diary word
Media development diary wordMedia development diary word
Media development diary wordjojoycexxx
 
Web economy, start up nel 2013.
Web economy, start up nel 2013.Web economy, start up nel 2013.
Web economy, start up nel 2013.Livia Bosi
 
Main task and intial ideas media
Main task and intial ideas mediaMain task and intial ideas media
Main task and intial ideas mediajojoycexxx
 
Television sponsorship
Television sponsorship Television sponsorship
Television sponsorship jojoycexxx
 
Best work photog
Best work photogBest work photog
Best work photogjojoycexxx
 
Presentation1bestwork
Presentation1bestworkPresentation1bestwork
Presentation1bestworkjojoycexxx
 
Textual analysis powerpoint media
Textual analysis powerpoint mediaTextual analysis powerpoint media
Textual analysis powerpoint mediajojoycexxx
 
Tv advert powerpoint
Tv advert powerpointTv advert powerpoint
Tv advert powerpointjojoycexxx
 
L’efficacia e la diffusione degli strumenti 2.0 nella piccola e media impresa...
L’efficacia e la diffusione degli strumenti 2.0 nella piccola e media impresa...L’efficacia e la diffusione degli strumenti 2.0 nella piccola e media impresa...
L’efficacia e la diffusione degli strumenti 2.0 nella piccola e media impresa...Livia Bosi
 
Introduction to spelling strategies- 17418838
Introduction to spelling strategies- 17418838Introduction to spelling strategies- 17418838
Introduction to spelling strategies- 17418838Erin Holloway
 
History of television advertisments
History of television advertismentsHistory of television advertisments
History of television advertismentsjojoycexxx
 
Codal analysis
Codal analysis Codal analysis
Codal analysis jojoycexxx
 
Web Runners - Imprese 2.0
Web Runners - Imprese 2.0Web Runners - Imprese 2.0
Web Runners - Imprese 2.0Livia Bosi
 
Webbing Rank Cities
Webbing Rank CitiesWebbing Rank Cities
Webbing Rank CitiesLivia Bosi
 
Projectproposal1
Projectproposal1Projectproposal1
Projectproposal1jojoycexxx
 

Viewers also liked (19)

Photography best work december
Photography best work decemberPhotography best work december
Photography best work december
 
Media development diary word
Media development diary wordMedia development diary word
Media development diary word
 
Themes 17418838
Themes 17418838Themes 17418838
Themes 17418838
 
Web economy, start up nel 2013.
Web economy, start up nel 2013.Web economy, start up nel 2013.
Web economy, start up nel 2013.
 
Plan
PlanPlan
Plan
 
Main task and intial ideas media
Main task and intial ideas mediaMain task and intial ideas media
Main task and intial ideas media
 
Television sponsorship
Television sponsorship Television sponsorship
Television sponsorship
 
Best work photog
Best work photogBest work photog
Best work photog
 
Presentation1bestwork
Presentation1bestworkPresentation1bestwork
Presentation1bestwork
 
Textual analysis powerpoint media
Textual analysis powerpoint mediaTextual analysis powerpoint media
Textual analysis powerpoint media
 
Themes
ThemesThemes
Themes
 
Tv advert powerpoint
Tv advert powerpointTv advert powerpoint
Tv advert powerpoint
 
L’efficacia e la diffusione degli strumenti 2.0 nella piccola e media impresa...
L’efficacia e la diffusione degli strumenti 2.0 nella piccola e media impresa...L’efficacia e la diffusione degli strumenti 2.0 nella piccola e media impresa...
L’efficacia e la diffusione degli strumenti 2.0 nella piccola e media impresa...
 
Introduction to spelling strategies- 17418838
Introduction to spelling strategies- 17418838Introduction to spelling strategies- 17418838
Introduction to spelling strategies- 17418838
 
History of television advertisments
History of television advertismentsHistory of television advertisments
History of television advertisments
 
Codal analysis
Codal analysis Codal analysis
Codal analysis
 
Web Runners - Imprese 2.0
Web Runners - Imprese 2.0Web Runners - Imprese 2.0
Web Runners - Imprese 2.0
 
Webbing Rank Cities
Webbing Rank CitiesWebbing Rank Cities
Webbing Rank Cities
 
Projectproposal1
Projectproposal1Projectproposal1
Projectproposal1
 

Similar to Ssl slides

Making the secure communication between Server and Client with https protocol
Making the secure communication between Server and Client with https protocolMaking the secure communication between Server and Client with https protocol
Making the secure communication between Server and Client with https protocolArmenuhi Abramyan
 
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012Scott Sutherland
 
Automating Azure VMs with PowerShell
Automating Azure VMs with PowerShellAutomating Azure VMs with PowerShell
Automating Azure VMs with PowerShellAlexander Feschenko
 
Nginx - The webserver you might actually like
Nginx - The webserver you might actually likeNginx - The webserver you might actually like
Nginx - The webserver you might actually likeEdorian
 
OWASP San Diego Training Presentation
OWASP San Diego Training PresentationOWASP San Diego Training Presentation
OWASP San Diego Training Presentationowaspsd
 
four issues I encountered deploying vCenter and SRM 5.5 in a Windows environment
four issues I encountered deploying vCenter and SRM 5.5 in a Windows environmentfour issues I encountered deploying vCenter and SRM 5.5 in a Windows environment
four issues I encountered deploying vCenter and SRM 5.5 in a Windows environmentAngelo Luciani
 
Remote Control WordPress
Remote Control WordPressRemote Control WordPress
Remote Control WordPressEdmund Turbin
 
Poodle sha2 open mic
Poodle sha2 open micPoodle sha2 open mic
Poodle sha2 open micRahul Kumar
 
Building virtualised CloudStack test environments
Building virtualised CloudStack test environmentsBuilding virtualised CloudStack test environments
Building virtualised CloudStack test environmentsShapeBlue
 
VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...
VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...
VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...VMworld
 
Office Comunnications Server 2007 R2 Poster
Office Comunnications Server 2007 R2 PosterOffice Comunnications Server 2007 R2 Poster
Office Comunnications Server 2007 R2 PosterPaulo Freitas
 
Component pack 6006 install guide
Component pack 6006 install guideComponent pack 6006 install guide
Component pack 6006 install guideRoberto Boccadoro
 
HNazarianRes_Current_19Feb2015
HNazarianRes_Current_19Feb2015HNazarianRes_Current_19Feb2015
HNazarianRes_Current_19Feb2015Harry Nazarian
 
Poster vmware-management-with-vcli-5.0
Poster vmware-management-with-vcli-5.0Poster vmware-management-with-vcli-5.0
Poster vmware-management-with-vcli-5.0Fredy Ricse
 
Oracle virtual server-2-t0-3-upgrade
Oracle virtual server-2-t0-3-upgradeOracle virtual server-2-t0-3-upgrade
Oracle virtual server-2-t0-3-upgradeRavi Kumar Lanke
 
Cisco SDWAN - Components Deployment Workflow
Cisco SDWAN - Components Deployment WorkflowCisco SDWAN - Components Deployment Workflow
Cisco SDWAN - Components Deployment WorkflowFarooq Khan
 
VMware vCHS, Puppet, and Project Zombie - PuppetConf 2013
VMware vCHS, Puppet, and Project Zombie - PuppetConf 2013VMware vCHS, Puppet, and Project Zombie - PuppetConf 2013
VMware vCHS, Puppet, and Project Zombie - PuppetConf 2013Puppet
 
NGiNX, VHOSTS & SSL (let's encrypt)
NGiNX, VHOSTS & SSL (let's encrypt)NGiNX, VHOSTS & SSL (let's encrypt)
NGiNX, VHOSTS & SSL (let's encrypt)Marcel Cattaneo
 
Razor, the Provisioning Toolbox - PuppetConf 2014
Razor, the Provisioning Toolbox - PuppetConf 2014Razor, the Provisioning Toolbox - PuppetConf 2014
Razor, the Provisioning Toolbox - PuppetConf 2014Puppet
 

Similar to Ssl slides (20)

Making the secure communication between Server and Client with https protocol
Making the secure communication between Server and Client with https protocolMaking the secure communication between Server and Client with https protocol
Making the secure communication between Server and Client with https protocol
 
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
 
Automating Azure VMs with PowerShell
Automating Azure VMs with PowerShellAutomating Azure VMs with PowerShell
Automating Azure VMs with PowerShell
 
Nginx - The webserver you might actually like
Nginx - The webserver you might actually likeNginx - The webserver you might actually like
Nginx - The webserver you might actually like
 
OWASP San Diego Training Presentation
OWASP San Diego Training PresentationOWASP San Diego Training Presentation
OWASP San Diego Training Presentation
 
Rhel5
Rhel5Rhel5
Rhel5
 
four issues I encountered deploying vCenter and SRM 5.5 in a Windows environment
four issues I encountered deploying vCenter and SRM 5.5 in a Windows environmentfour issues I encountered deploying vCenter and SRM 5.5 in a Windows environment
four issues I encountered deploying vCenter and SRM 5.5 in a Windows environment
 
Remote Control WordPress
Remote Control WordPressRemote Control WordPress
Remote Control WordPress
 
Poodle sha2 open mic
Poodle sha2 open micPoodle sha2 open mic
Poodle sha2 open mic
 
Building virtualised CloudStack test environments
Building virtualised CloudStack test environmentsBuilding virtualised CloudStack test environments
Building virtualised CloudStack test environments
 
VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...
VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...
VMworld 2013: The Story Behind Designing and Building a Distributed Automatio...
 
Office Comunnications Server 2007 R2 Poster
Office Comunnications Server 2007 R2 PosterOffice Comunnications Server 2007 R2 Poster
Office Comunnications Server 2007 R2 Poster
 
Component pack 6006 install guide
Component pack 6006 install guideComponent pack 6006 install guide
Component pack 6006 install guide
 
HNazarianRes_Current_19Feb2015
HNazarianRes_Current_19Feb2015HNazarianRes_Current_19Feb2015
HNazarianRes_Current_19Feb2015
 
Poster vmware-management-with-vcli-5.0
Poster vmware-management-with-vcli-5.0Poster vmware-management-with-vcli-5.0
Poster vmware-management-with-vcli-5.0
 
Oracle virtual server-2-t0-3-upgrade
Oracle virtual server-2-t0-3-upgradeOracle virtual server-2-t0-3-upgrade
Oracle virtual server-2-t0-3-upgrade
 
Cisco SDWAN - Components Deployment Workflow
Cisco SDWAN - Components Deployment WorkflowCisco SDWAN - Components Deployment Workflow
Cisco SDWAN - Components Deployment Workflow
 
VMware vCHS, Puppet, and Project Zombie - PuppetConf 2013
VMware vCHS, Puppet, and Project Zombie - PuppetConf 2013VMware vCHS, Puppet, and Project Zombie - PuppetConf 2013
VMware vCHS, Puppet, and Project Zombie - PuppetConf 2013
 
NGiNX, VHOSTS & SSL (let's encrypt)
NGiNX, VHOSTS & SSL (let's encrypt)NGiNX, VHOSTS & SSL (let's encrypt)
NGiNX, VHOSTS & SSL (let's encrypt)
 
Razor, the Provisioning Toolbox - PuppetConf 2014
Razor, the Provisioning Toolbox - PuppetConf 2014Razor, the Provisioning Toolbox - PuppetConf 2014
Razor, the Provisioning Toolbox - PuppetConf 2014
 

Recently uploaded

Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backElena Simperl
 
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ  «Професійне зростання QA спеціаліста»НАДІЯ ФЕДЮШКО БАЦ  «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»QADay
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Product School
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsPaul Groth
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Thierry Lestable
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoTAnalytics
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaRTTS
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance
 
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀Exploring UiPath Orchestrator API: updates and limits in 2024 🚀
Exploring UiPath Orchestrator API: updates and limits in 2024 🚀DianaGray10
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance
 
Quantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsQuantum Computing: Current Landscape and the Future Role of APIs
Quantum Computing: Current Landscape and the Future Role of APIsVlad Stirbu
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...Sri Ambati
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
 
In-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsIn-Depth Performance Testing Guide for IT Professionals
In-Depth Performance Testing Guide for IT ProfessionalsExpeed Software
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...Product School
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyJohn Staveley
 

Recently uploaded (20)

Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ  «Професійне зростання QA спеціаліста»НАДІЯ ФЕДЮШКО БАЦ  «Професійне зростання QA спеціаліста»
НАДІЯ ФЕДЮШКО БАЦ «Професійне зростання QA спеціаліста»
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024IoT Analytics Company Presentation May 2024
IoT Analytics Company Presentation May 2024
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
FIDO Alliance Osaka Seminar: Overview.pdf

Ssl slides

  • 1. vCenter – SSL Automation Tool
       ESXi Host – OpenSSL
       SRM – OpenSSL
       vBrownbag – Michael Russell
       @kerryspring2
       kerryspring2@eircom.net
  • 2. Resources #1
       - #vBrownBag US View SSL Certs with Shane Williford
         http://professionalvmware.com/2012/12/vbrownbag-us-view-ssl-certs-with-shane-williford-coolsportoo/
       - #vBrownBag Follow-up How I learned to love the CSR with Jim Millard
         http://professionalvmware.com/2013/05/vbrownbag-follow-up-how-i-learned-to-love-the-csr-with-jim-millard-millardjk/
       - vSphere 5.1 Hardening Guide - Official Release
         http://communities.vmware.com/docs/DOC-22981
       - Windows OpenSSL distribution (ver 0.9.8)
         http://slproweb.com/products/Win32OpenSSL.html
       - How to use trusted certificates with VMware vCenter Site Recovery Manager
         http://communities.vmware.com/docs/DOC-11411
  • 3. Resources #2
       - vCenter Certificate Automation Tool Download
         https://my.vmware.com/group/vmware/get-download?downloadGroup=SSL-TOOL-101
       - Generating certificates for use with the VMware SSL Certificate Automation Tool
         http://kb.vmware.com/kb/2044696
       - Deploying and using the SSL Certificate Automation Tool (& Known Issues)
         http://kb.vmware.com/kb/2041600
       - Process for Replacing SSL Certificates - vSphere 5 (7 Parts) - Julian Wood
         http://www.wooditwork.com/2011/11/30/vsphere-5-certificates-1-installing-a-root-certificate-authority-3/
       - vCenter 5.1 U1 installation including SSL replacement (15 Parts) - Derek Seaman
         http://www.derekseaman.com/2012/09/vmware-vcenter-51-installation-part-1.html
  • 4. SSL Automation Tool Notes
       - Microsoft Certificate Server SHA-1 vs SHA2-256
       - Duplicate Template – Windows Server 2003 Enterprise
       - Windows Server 2003 CA Server must be Enterprise Edition
       - Deploy Root Certificate to Servers with vCenter components
       - Generate chain.pem files from root64.cer & rui.crt
       - Add Extensions: Allow Encryption of User Data (vCenter/ESXi) / Client Authentication (SRM)
       - OpenSSL v 0.9.8 – Copy OpenSSL DLLs to binaries (/bin) dir
       - Certificate Tool vs vSphere Upgrades: http://kb.vmware.com/kb/2048202
       - SSO user is admin@system-domain
       - vCenter Database Password = ?
       - Update Manager installation – Register FQDN, not IP Address
  • 5. ESXi Hosts – SSL Notes
       - ESXi Host HA Issues: http://kb.vmware.com/kb/2006210
           perl HostReconnect.pl --server <ip address> --username administrator@lab.local
       - vMA permit WinSCP: http://communities.vmware.com/message/2020784
           sudo vi /etc/hosts.allow
           add the following line: sshd: ALL: ALLOW
           then save the file with :wq!
       - OpenSSL command to generate the CSR:
           openssl req -new -nodes -out rui.csr -keyout rui.key -config openssl.cfg
       - Drop rui.crt & rui.key into /etc/vmware/ssl
  • 6. ESXi Hosts – OpenSSL.cfg
       - default_bits = 2048 (Change from 1024)
       - default_keyfile = rui.key (Change from privkey.pem)
       - req_extensions = v3_req (Remove # at start of line)
       - countryName_default = IE (Update to your Country Code)
       - stateOrProvinceName_default = Leinster (Update)
       - localityName_default = Dublin (Add & Update)
       - 0.organizationName_default = Lab (Update to your Company Name)
       - organizationalUnitName_default = IT (Update & Remove # at start of line)
       - [ v3_req ]
           subjectAltName = @alt_names (Add this under "keyUsage =" line)
       - [ alt_names ]
           DNS.1 = iedubdc2esx01.lab.local (Use FQDN here)
           DNS.2 = iedubdc2esx01 (Use Shorter Netbios Name here)
  • 7. SRM – OpenSSL.cfg
       - OpenSSL command to export the certificate file for SRM:
           openssl pkcs12 -export -in rui.crt -inkey rui.key -name rui -passout pass:testpassword -out rui.p12
       - OpenSSL.cfg changes:
           [ v3_req ]
           extendedKeyUsage = serverAuth, clientAuth (Add under "keyUsage =" entry)
           [ alt_names ]
           DNS.1 = iedubdc2vc01.lab.local (Use FQDN of SRM Server here)
           DNS.2 = iedubdc2esx01 (Delete this line)
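
The openssl.cfg edits on slides 6 and 7 can be checked before a CSR is generated from the file. The Python check below is an added example, not part of the original slides or of any VMware tool; the function names parse and check, the finding messages and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample: the sections of openssl.cfg that slide 6 edits (ESXi host).
ESXI_CFG = """
[ req ]
default_bits = 2048
req_extensions = v3_req
[ v3_req ]
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = iedubdc2esx01.lab.local
DNS.2 = iedubdc2esx01
"""

def parse(text):
    """Parse OpenSSL config text into {section: {key: value}}; '#' starts a comment."""
    cfg, section = {"default": {}}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            section = header.group(1)
            cfg.setdefault(section, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            cfg[section][key.strip()] = value.strip()
    return cfg

def check(text, fqdn, role="esxi"):
    """Return findings against the slide settings; an empty list means compliant."""
    cfg = parse(text)
    req, v3, alt = (cfg.get(s, {}) for s in ("req", "v3_req", "alt_names"))
    findings = []
    if int(req.get("default_bits", "0")) < 2048:
        findings.append("default_bits below 2048")
    if req.get("req_extensions") != "v3_req":
        findings.append("req_extensions = v3_req missing or still commented out")
    if v3.get("subjectAltName") != "@alt_names":
        findings.append("subjectAltName = @alt_names missing from v3_req")
    dns = [v for k, v in alt.items() if k.startswith("DNS.")]
    if fqdn not in dns:
        findings.append("FQDN missing from alt_names")
    if role == "srm":  # slide 7: add both EKUs, keep only the SRM FQDN
        eku = {e.strip() for e in v3.get("extendedKeyUsage", "").split(",")}
        if not {"serverAuth", "clientAuth"} <= eku:
            findings.append("extendedKeyUsage lacks serverAuth and/or clientAuth")
        if len(dns) != 1:
            findings.append("alt_names should hold only the SRM FQDN")
    return findings
```

Reusing the ESXi file for SRM without the slide 7 changes is reported as three findings: the SRM FQDN is absent, the extended key usages are missing, and the leftover short-name entry is still present.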