On Windows VDDK 5.1 and 5.5 required the VerifySSLCertificates and InstallPath registry keys under

HKEY_LOCAL_MACHINE\SOFTWARE

to check SSL certificates. On Linux VDDK 5.1 and 5.5 required adding a line to the

VixDiskLib_InitEx

configuration file to set

linuxSSL.verifyCertificates

= 1.

As of VDDK 6.0 both SSL certificate verification and SSL thumbprint checking are mandatory and cannot be avoided. The Windows registry and Linux SSL setting are no longer checked, so neither has any effect.

Specifically VDDK 6.0 and later use X.509 certificates with TLS cryptography, replacing SSLv3.

The following library functions enforce SSL certificate checking:

InitEx

,

PrepareForAccess

,

EndAccess

,

GetNfcTicket

, and the

GetRpcConnection

interface that is used by all advanced transports. SSL verification may use thumbprints to check if two certificates are the same. The vSphere thumbprint is a cryptographic hash of a certificate obtained from a trusted source such as vCenter Server, and passed in the

SSLVerifyParam

structure of the NFC ticket.