VMware {code} Community
ZackZhang
Contributor

Does VCO Configuration Page have the option to import a keystore, or is there an API in vCO SDK to do it?

Hi,


    I know that the Network->SSL Trust Manager in the vCO configuration page can be used to import an SSL certificate. But now, for the vCO plugin that I'm using, I will need something more than that:

    My vCO plugin will talk to a REST service that runs on HTTPS with mutual authentication, meaning that the client (the vCO server) will also need a certificate, and it will be used for authentication during the HTTPS connection. Now the REST service provider has generated a keystore file (including the private key and the certificate itself) for me.

    Now all I need to do is to import/upload it onto the vCO server and make the vCO server recognize it. My question is how I can do that. Instinctively I turned to the SSL Trust Manager page; I thought I could import a keystore file there like how we would normally import a TLS/SSL certificate file. However, after I tried, I realized that doesn't seem to be the case.

    Also, if vCO doesn't provide a GUI to import a keystore, I wonder if the vCO SDK has an API to do that?

     Thanks in advance!

0 Kudos
2 Replies
krusolu
Contributor

I have the same scenario and need to know how to configure HTTP-REST to use a client certificate. Did you discover if you could do this?

0 Kudos
LudicrousSpeed
Contributor

Perhaps this may be of some use...

If this is vCO 5.1, then the issue is the support for SSL in the SDK, which appears not to have the SSL configuration methods indicated in the Developing Plugins for vCenter Orchestrator document. The SSL methods specified in the document are actually implemented in vCO 5.5 with the o11n-plugin-sdk-tools.jar. You can pillage the jar (and dependenc(ies)) to bundle in your project. Then use as needed as specified in the doc ...

// Initialization

HttpsURLConnection.setDefaultSSLSocketFactory(PluginSSLSocketFactory.getDefault());

// Optionally

HttpsURLConnection.setDefaultHostnameVerifier(new PluginHostnameVerifier());

...

URLConnection conn = new URL("https://...").openConnection();

Note: You import the SSL certificate as you mentioned earlier using the GUI. The plugin just needs to be told to recognize it using the proper SSL methods.

0 Kudos
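
For the mutual-authentication case raised in the question, the following is an added example and not code from the thread or from the vCO SDK: it uses only the standard Java JSSE classes to load a client keystore and present its key pair on a single HTTPS connection. The class name, the `CLIENT_KS_PASSWORD` environment variable, and the command-line arguments are assumptions; server trust falls back to the JVM default trust store, and whether certificates imported through the vCO SSL Trust Manager are visible there is not established in this thread.

```java
import java.io.InputStream;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;

public class ClientCertExample {

    // Build a socket factory that presents the client key pair held in the keystore.
    static SSLSocketFactory clientCertFactory(String path, String type, char[] password)
            throws Exception {
        KeyStore ks = KeyStore.getInstance(type); // "JKS" or "PKCS12"
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password); // assumes the key password equals the store password
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers and SecureRandom select the JVM defaults,
        // so the server certificate and hostname are still verified.
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: ClientCertExample <keystore> <JKS|PKCS12> <https-url>");
            System.exit(2);
        }
        String pw = System.getenv("CLIENT_KS_PASSWORD"); // hypothetical variable name
        if (pw == null) {
            throw new IllegalStateException("CLIENT_KS_PASSWORD is not set");
        }
        char[] password = pw.toCharArray();
        try {
            HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
            // Per-connection factory: the client key is not offered JVM-wide.
            conn.setSSLSocketFactory(clientCertFactory(args[0], args[1], password));
            System.out.println("HTTP " + conn.getResponseCode());
        } finally {
            Arrays.fill(password, '\0'); // do not keep the password in memory
        }
    }
}
```

Setting the factory on the one connection, rather than through `HttpsURLConnection.setDefaultSSLSocketFactory`, keeps the client private key from being offered to every HTTPS endpoint the process contacts.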