Smarts NCM: How do new SSL Certification Bundles work? How are they deployed?
search cancel

Smarts NCM: How do new SSL Certification Bundles work? How are they deployed?

book

Article ID: 331267

calendar_today

Updated On:

Products

VMware Smart Assurance

Environment

VMware Smart Assurance - NCM

Resolution

How do new SSL Certification Bundles work in Smarts Network Configuration Manager (Smarts NCM) 9.1?
How are new SSL Certification Bundles deployed in Smarts NCM 9.1?




For SSL Certification Bundles, Smarts NCM 9.1 needs to generate a new Certificate Authority (CA) certificate and private key upon each installation, which is then used to sign the generated host web server certificate. To support Device Servers, both Application Servers (AS) and Device Servers (DS) need to share a common CA certificate and key. In earlier (pre-9.1) Smarts NCM versions, this CA certificate was hard coded. 

The process for deploying SSL Certification Bundles in Smarts NCM 9.1 is as follows: 

  1. A new certificate is generated upon every fresh installation on the Application Server and stored in a pkcs#12 (password protected file). 
  2. This pkcs#12 file needs to be copied to each of the device servers at install time.
  3. The DS installer will prompt for the file and password during installation.
  4. The DS will open the pkcs#12 file and use the shared CA certificate/key pair to sign the host web certificate.
  5. After this AS/DS communication will work as normal.