VMware Cloud Community
neil_murphy
Enthusiast
Enthusiast
‎04-19-2016 03:27 AM

End Point Operations - choosing a certificate thumbprint for the Linux Agent

Hi,

I've been experimenting with EPO in my home lab and came across something interesting. The documentation states that for a Windows system the thumbprint used should be the second one listed when looking in the vROPs administration interface:

To view the certificate thumbprint value, log into the vRealize Operations Manager Administration interface at https://IP Address/admin and click the SSL Certificate icon located on the right of the menu bar. Unless you replaced the original certificate with a custom certificate, the second thumbprint in the list is the correct one. If you did upload a custom certificate, the first thumbprint in the list is the correct one.

(vRealize Operations Manager 6.2 Documentation Center)

This is the procedure I followed and it seems to work.

I then installed the agent on a CentOS 6 system using an RPM installation file. This method seems to interrogate the vROPs appliance and pulls back a thumbprint to use. This defaults to the first thumbprint in the list. This also seems to work - but is it alright to leave it at the default?

Any comments? I've attached some screenshots.

Neil.

Preview file
84 KB
Preview file
170 KB
0 Kudos
4 Replies
Wayne1j
Contributor
Contributor
‎04-19-2016 07:51 AM

The windows compressed in-place-installation also uses an automatic polling method for the certificate.

It works just fine to leave it this way, as noted in the linked article this will pull in your custom certificate if you use one.

neil_murphy
Enthusiast
Enthusiast
‎04-21-2016 07:50 AM

Hi Wayne,

Thanks for the reply.

Here's the thing - I don't have a custom cert installed and yet I still see two certs listed, so they must be both automatically generated, self-signed certs. Any documentation or blogs that I've read say that in this case I should use the second cert in the list. But the Linux install pulls back the first one in the list. Contrary to the received wisdom, it seems to work fine.

I'm going to continue following the guidance and use the second cert, but I have to say I'm a bit confused.

Cheers,

Neil.

0 Kudos
BenJ_UAlb
Contributor
Contributor
‎08-17-2016 06:46 AM

Sorry to piggy-back!

Working in a nested lab, with the PCS and vCenter combined appliance.  vROps is monitoring my 1 ESXi 6.1 nested host.

I want to experiment with Application monitoring, but when I access the admin portal for vROps, and click the SSL certificate icon :smileycry:, I only see 1 certificate.

Should I use that one?

0 Kudos
mark_j
Virtuoso
Virtuoso
‎08-17-2016 10:27 AM

See my response here: https://communities.vmware.com/thread/541939

If you find this or any other answer useful please mark the answer as correct or helpful.
0 Kudos