Sample Exchange

 View Only

vCenter Server SSL and TLS Security Protocol Configuration Command line Tool 

Jul 08, 2016 07:50 AM

vCenter Server /  SSL Security Protocol Configuration – Command line utility 

script utility package on how to automatically enable or disable SSLv3 protocol for 5.0 VC, VCVA ports (50U3g onwards) 

Note:

  • Disabling SSLv3 protocol might break VC/ESXi product interoperability with other solutions. Please refer to compatibility guide, before proceeding.
  • Authentication proxy service (CAM), Autodeploy service and vSphere Update Manager (VUM) are out of scope for this tool.
  • First configure SSLv3 on vCenter Server and then proceed with the ESXi hosts.
  • While configuring SSLv3 protocol, follow the order like Inventory Service, vCenter Server, Web client, syslog, VUM, Autodeploy and other components, in case of distributed environments (for example, VC and Inventory service installed on different nodes).
  • Before configuring SSLv3  take snapshot as backup.
  • After SSLv3 configuration on VCVA, autodeply service might be seen as stopped. Restart the service and configure SSL for autodeploy service manuall by following the steps mentioned in KB- 2139396.
  • VC/ESXi Services shall be restarted automatically, as needed, after SSLv3 protocol configuration is done on services.
  • For SSLv3 configuration on ESXi services, script enables SSH on ESXi for logging into host via SSH connection and perform configuration changes for SSLv3 enablement/disablement. Once operation is complete, SSH service state is reverted to its original state.

vCenter server – SSL Security Protocol Configuration                     Command line utility

  1. Summary:

Command line utility to Enable/Disable SSLv3 protocol for all vCenter server services.

  1. Features:
  • Automatically modify the configuration files to disable/enable SSLv3 on all vCenter server services except Autodeploy, Authentication Proxy and Update Manager.
  • Script will take backup of all the configuration files before making any modifications. For example vpxd.cfg will be saved as vpxd-bak.cfg in the same directory.
  • Script will work for custom port, custom path and distributed environments.

 

  1. Prerequisites for running Utility on windows:
  • Install 64 bit Python of version 2.7.8 (Download from https://www.python.org/downloads/release/python-278/)

 

  1. How to run the Utility?
  • Windows vCenter Server:
    • Copy/Download the SecurityProtoMgmt50.zip to vCenter server.
    • Unzip on to local drive say C:\
    • Open a command prompt as an administrator and cd to the folder unzipped, i.e cd C:\SecurityProtoMgmt50
    • Run the script as below

C:\SecurityProtoMgmt50>python ssl_50.py

 

  • vCenter Server Appliance:
    • Copy/Download the SecurityProtoMgmt50.zip to vCenter Server Appliance host.
    • Unzip it to local drive say /root/
    • SSH to host and cd to the folder unzipped,

i.e cd /root/SecurityProtoMgmt50

  • Run the script as below

#python ssl_50.py

 

  1. Different options available with the script:
  • Enable SSLv3 on all vCenter server Ports
  • Disable SSLv3 on all vCenter server Ports
  • Scan protocols enabled on all vCenter server Ports

 


#OtherPlatform
#TLS1.2
#MIT
#SSLv3Disablement
#Python
#Security
#VcenterServer
#TLSenablement

Statistics
0 Favorited
0 Views
1 Files
0 Shares
0 Downloads
Attachment(s)
py file
vCenter-Server-SSL-and-TLS-Security-Protocol-Configuratio....py   35 KB   1 version
Uploaded - Apr 09, 2024

Tags and Keywords

Related Entries and Links

No Related Resource entered.