Find the SSL Thumbprint of the Remote Plug-in Server

The remote plug-in sample has an embedded application server with a self-signed certificate that is used in encrypted communications. The certificate and its thumbprint are stored in a Java keystore file.

To register a remote plug-in with vCenter Server, you need to determine the thumbprint of the plug-in application server's identity certificate. You use this thumbprint in the arguments to the registration command.

Prerequisites

  • Before you can find the thumbprint of the application server, you must install the SDK and build the sample code.

  • Before you start the application server to find its thumbprint, you need access to its port in the firewall. The default port number is 8443. You can configure a different port number in the application.properties file.

Procedure

  1. In a shell window, change to the root directory of the remote plug-in sample and run the JAR file in the target directory.

    The command to run the plug-in JAR file requires several arguments, including the thumbprint, GUID, DNS name, and HTTPS port number of the vCenter Server instance. You can also specify --logging.path, which creates a subdirectory (if it does not already exist) and stores server log files in the subdirectory. Use a command similar to the following example, but substitute the details that pertain to your vCenter Server:

    java	-jar target/remote-plugin-sample-7.0.1.00000.jar \
  --logging.path=logdir \
  --vcenter.guid=223b94f2-af15-4613-5d1a-a278b19abc09 \
  --vcenter.thumbprint=274172e07a754b9811a4fb5fc45384a79a5c258d13fa1667185016f28685fc54 \
  --vcenter.fqdn=vcenter-1.example.com --vcenter.port=443

    The plug-in application server runs. It might take a few minutes to initialize, and the console displays a number of lines of output. When the server is ready, the console displays two lines saying Tomcat started and Started SpringbootApplication.

  2. Connect a browser to the application server, for example, using the URL of the plug-in manifest.

    The default URL for the manifest file is https://localhost:8443/sample-ui/plugin.json.

  3. Examine the certificate presented by the application server.

    The way to examine the certificate depends on the browser. For example, you can view a server certificate in Firefox by clicking the padlock icon next to the URL, then selecting More Information > View Certificate. The thumbprint is the field labelled SHA-256 Fingerprint.

    Note:

    A SHA-1 fingerprint is also supported, but SHA-1 is deprecated in favor of SHA-256.

  4. Save the certificate thumbprint to a text file.

    If the thumbprint contains colon separators, do not remove them. If the thumbprint contains spaces or other separators, replace them with colons. If the thumbprint has no separators, insert a colon after every two digits. This is the format accepted by vCenter Server when you register the plug-in server.

What to do next

Use the application server thumbprint when you register the plug-in with vCenter Server.