Obtain the Thumbprints and CA Files of the vSphere Integrated Containers Appliance Certificates
If you do not provide custom certificates during deployment, the OVA installer generates certificates for the vSphere Integrated Containers Management Portal and the vSphere Integrated Containers file server. These certificates authenticate connections to the Getting Started page, vSphere Integrated Containers Management Portal, and the vSphere Integrated Containers Engine bundle and vSphere Client plug-in downloads. If you deploy the appliance with automatically generated certificates, the certificates are self-signed by an automatically generated Certificate Authority (CA).
The vSphere administrator obtains the thumbprints and CA files and passes them to other users who need to access the Getting Started page or the vSphere Integrated Containers Management Portal.
Procedure
- Use SSH to connect to the vSphere Integrated Containers appliance as
root
user.$ ssh root@vic_appliance_address
Use
openssl
to view the certificate fingerprint of the file server.The file server certificate authenticates access to the Getting Started page, including the downloads for the vSphere Integrated Containers Engine bundle and the vSphere Client plug-in.
openssl x509 -in /opt/vmware/fileserver/cert/server.crt -noout -sha1 -fingerprint
Use
openssl
to view the certificate fingerprint of the management portal.The management portal certificate authenticates access to the vSphere Integrated Containers Management Portal.
openssl x509 -in /data/admiral/cert/server.crt -noout -sha1 -fingerprint
Take a note of the two thumbprints and close the SSH session.
Use
scp
to copy the CA file for the file server to your local machine.scp root@vic_appliance_address:/opt/vmware/fileserver/cert/ca.crt /path/on/local_machine/folder1
Use
scp
to copy the CA file for the management portal to your local machine.scp root@vic_appliance_address:/data/admiral/cert/ca.crt /path/on/local_machine/folder2
Be sure to copy the two files to different locations, as they are both named
ca.crt
.
You can share the thumbprints and CA files with users who need to connect to the vSphere Integrated Containers Management Portal or downloads. For information about how to verify the thumbprints and trust the CAs, see Verify and Trust vSphere Integrated Containers Appliance Certificates.