When you run certool --gencert or certain other certificate initialization or management commands, the command reads all the values from a configuration file. You can edit the existing file, override the default configuration file with the --config=<file name> option, or override values on the command line.
The configuration file, certool.cfg, is located in the /usr/lib/vmware-vmca/share/config/ directory by default.
The file has several fields with the following default values:
Country = US
Name= Acme
Organization = AcmeOrg
OrgUnit = AcmeOrg Engineering
State = California
Locality = Palo Alto
IPAddress = 127.0.0.1
Email = firstname.lastname@example.org
Hostname = server.acme.com
- Create a copy of the configuration file and edit the file. Use the --config command-line option to specify the file. Specify the full path to avoid path name issues.
/usr/lib/vmware-vmca/bin/certool --gencert --config /tmp/myconfig.cfg
- Override individual values on the command line. For example, to override Locality, run this command:
/usr/lib/vmware-vmca/bin/certool --gencert --privkey=private.key --Locality="Mountain View"
- For solution user certificates, the name is <sol_user name>@<domain> by convention, but you can change the name if a different convention is used in your environment.
- For machine SSL certificates, the FQDN of the machine is used.
VMCA allows only one DNSName (in the Hostname field) and no other Alias options. If the IP address is specified by the user, it is stored in SubAltName as well.
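The copy-and-edit procedure above as an added shell example, not part of the original documentation. The helper names write_default_cfg, make_cfg and gencert_cmd are hypothetical, the sample file is constructed from the default values listed above, and the certool command is printed rather than run so the example works without VMCA installed.

```shell
#!/bin/sh
# Constructed sample with the default values listed above. On a real system,
# copy /usr/lib/vmware-vmca/share/config/certool.cfg instead.
write_default_cfg() {
    cat > "$1" <<'EOF'
Country = US
Name= Acme
Organization = AcmeOrg
OrgUnit = AcmeOrg Engineering
State = California
Locality = Palo Alto
IPAddress = 127.0.0.1
Email = firstname.lastname@example.org
Hostname = server.acme.com
EOF
}

# make_cfg SRC DST KEY=VALUE...   (hypothetical helper)
# Validates every override first, then copies SRC to DST and rewrites only
# the named fields. Returns 2 for a relative DST, 3 for a Hostname holding
# more than one name (VMCA allows only one DNSName), 4 for an unknown field.
make_cfg() {
    src=$1; dst=$2; shift 2
    case $dst in /*) ;; *) echo "use a full path for the copy" >&2; return 2 ;; esac
    for kv in "$@"; do
        key=${kv%%=*}; val=${kv#*=}
        case $key:$val in
            Hostname:*,*|Hostname:*" "*) echo "Hostname takes one DNS name" >&2; return 3 ;;
        esac
        grep -q "^$key *=" "$src" || { echo "unknown field: $key" >&2; return 4; }
    done
    cp "$src" "$dst" || return 1
    for kv in "$@"; do
        # Pass key and value through the environment so awk does not
        # reinterpret backslashes or quotes in the value.
        K=${kv%%=*} V=${kv#*=} awk -F= '
            { k = $1; sub(/ *$/, "", k) }
            k == ENVIRON["K"] { print k " = " ENVIRON["V"]; next }
            { print }' "$dst" > "$dst.tmp" && mv "$dst.tmp" "$dst" || return 1
    done
}

# Builds the command line from the page, with the full path to the copy.
gencert_cmd() { printf '%s\n' "/usr/lib/vmware-vmca/bin/certool --gencert --config $1"; }

# Demo in a private directory from mktemp rather than a fixed name in /tmp.
d=$(mktemp -d) && write_default_cfg "$d/certool.cfg" &&
make_cfg "$d/certool.cfg" "$d/myconfig.cfg" "Locality=Mountain View" "Hostname=vc01.example.com" &&
gencert_cmd "$d/myconfig.cfg"
```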