VMGuru

Securing your IT infrastructure is always an ongoing process. One of the best practices that VMware encourages is to renew the SSL keys used for communication between VMware products. The renewal of SSL keys periodically, helps to improve data security of your systems.

While reading this I was wondering what is the extended value of having SSL communication inside your own network? The answer is pretty simple, most theft of data comes from people who already have access to your network (Alex just gave me a perfect example this day about a Exchange administrator with rights he should not have).

So for administrators the SSL keys can be given to employees who actually need access to the data. The renewal of the SSL keys is a way to give administrators a process to keep the list of people who need access nice and tidy.

In the kb1008166 article VMware describes the best practices for handling SSL keys and how you can renew these.

The article also states that log files, which VMware might ask you about for support, can collect the SSL keys. In a recent security review VMware made, they concluded that these SSL keys aren’t used for support and therefore won’t be logged in newer versions of the logging tools. In the meantime it is recommended that after sending log files you renew the SSL keys.