VMware {code} Community
ashutosh_sant
Contributor

Query on static initialization block to trust all certificates in the plug-in service template code



If this is not the forum for this question, apologies in advance.


In the plug-in service template code, there is a static initialization block which trusts all certificates. It is recommended that this code be removed / disabled in an actual production environment.


Is it mandatory to install a CA-signed certificate in the vCenter 5.5 environment? Please correct me if I am wrong, but it does not seem to be the case. The vCenter setup can work very well with the self-signed certificate that comes with vCenter setup. In case a CA-signed certificate is not installed and the static initialization block code is removed / disabled, the plug-in will not be able to communicate with the vCenter server.


Has anyone run into this issue? Or is the CA-signed certificate always installed?


I was thinking of adding an environment variable or a new configuration parameter in webclient.properties that determines whether to trust all certificates or not. Is this approach correct?


Thank you in advance for responses.


Regards,


Ashutosh

laurentsd
VMware Employee

The idea with this sample was to let people write their own code to trust certificates. Enclosed is a modified version of the sample which includes an SslThumbprintVerifier and ThumbprintTrustManager. It should work with self-signed certificates as well, although no support should be expected with this code! Thanks.

ashutosh_sant
Contributor



Thank you once again.


Regards,


Ashutosh
