TLS Implementation for VCM
TECHNICAL WHITE PAPER / 27
Appendix C: Managing the VCM UNIX Agent
Certificate Store
The VCM UNIX Agent certificate store is a protected data storage area that is designed to hold enterprise and collector
certificates for server authentication, and to hold the agent certificate and private key for mutual authentication.
Although this store is not encrypted, it is protected from simple viewing.
Much of the interaction with the VCM UNIX Agent certificate store is taken care of for the user. VCM UNIX installation
packages get updated with the enterprise certificate if one is specified when the collector is installed. This certificate is
automatically inserted into the certificate store during the VCM UNIX Agent installation process. Also, the user can
specify an alternate certificate directory during the VCM UNIX Agent installation if desired.
Additionally, if VCM Collector certificates are updated with extended begin/end dates, in many cases the new
certificate will be automatically added to the store.
Using CSI_ManageCertificateStore
The CSI_ManageCertificateStore command-line tool is provided for manual management of the VCM UNIX Agent
certificate store. It helps the user to view and modify the contents of the store.
The following documentation assumes the UNIX VCM agent was installed to the default location (/opt/CMAgent). If
this is not the case, please adjust the instructions accordingly to fit your installation.
Setting up the Command Line Environment for CSI_ManageCertificateStore
Typically, CSI_ManageCertificateStore is run as root, but it can also be run by any login that is a member of the
cfgsoft group.
To use CSI_ManageCertificateStore the following environment variables must be set:
LD_LIBRARY_PATH=/opt/CMAgent/CFC/3.0/lib:/opt/CMAgent/ThirdParty/1.0/lib:$ LD_
LIBRARY_PATH
export LD_LIBRARY_PATH
CSI_REGISTRY_PATH=/opt/CMAgent
export CSI_REGISTRY_PATH
PATH=/opt/CMAgent/CFC/3.0/bin:$PATH
export PATH
For HPUX platforms SHLIB_PATH is used in place of LD_LIBRARY_PATH.
For AIX platforms LIBPATH is used in place of LD_LIBRARY_PATH.