Before you configure the integration of vIDM with NSX, you must get the certificate thumbprint from the vIDM host.

You must use OpenSSL version 1.x or higher for the thumbprint. On a vIDM host of version 3.3.2 or earlier, the command openssl might be running an older version of OpenSSL. In that case, you must use the command openssl1. This command is only available on a vIDM host.
You can check your version of OpenSSL with the following command:
openssl version
On a server that is not the vIDM host, you can use the openssl command that is running OpenSSL version 1.x or later.

Procedure

  1. Log in at the vIDM host's console, or SSH to the vIDM host as the user sshuser, or log in to any server that can ping the vIDM host.
  2. Run one of the following commands to get the thumbprint of the vIDM host.
    • If you are logged in to a server that can ping the vIDM host, run the openssl command to get the thumbprint:
      openssl s_client -connect <FQDN of vIDM host>:443 < /dev/null 2> /dev/null | openssl x509 -sha256 -fingerprint -noout -in /dev/stdin
    • If you are logged in to the vIDM host, do one of the following:
      • If the OpenSSL version is 0.9.x or earlier, run the following command:
        openssl1 s_client -connect <FQDN of vIDM host>:443 < /dev/null 2> /dev/null | openssl x509 -sha256 -fingerprint -noout -in /dev/stdin

        If you get an error running the command, you might need to run openssl1 with the sudo command, that is, sudo openssl1 ....

      • If the OpenSSL version is 1.x or later, run the following command:
        openssl s_client -connect <FQDN of vIDM host>:443 < /dev/null 2> /dev/null | openssl x509 -sha256 -fingerprint -noout -in /dev/stdin

        If you get an error running the command, you might need to run openssl with the sudo command, that is, sudo openssl ....