1.5

6 Deploy the certificate to each user machine.
For production rollout, multiple tools are available to deploy SSL certificates to user machines. For testing
with a limited number of users, users can install the SSL certificate themselves from an accessible location.
Copy the Self-Signed Application Manager SSL Certificate to Each Connector Instance
If you have generated a self-signed Application Manager SSL certificate, you must copy the certificate to each
Connector instance associated with that Application Manager instance.
Prerequisites
- Enable secure ports for Application Manager.
- Enable secure ports for the Connector.
- Generate a self-signed Application Manager SSL certificate.
Procedure
1 Access the Application Manager virtual appliance interface.
2 Select Login and log in to the Linux operating system with the appropriate credentials.
3 Enter the following Keytool command to access the certificate:
keytool -list -keystore /opt/vmware/horizon/horizoninstance/conf/tcserver.keystore -rfc -storepass changeme
4 Copy the text from BEGIN CERTIFICATE to END CERTIFICATE and save it to a file location such
as /tmp/cert.pem.
5 Use your method of choice to copy the file from the Application Manager virtual appliance to the
Connector virtual appliance, such as to the following location: /tmp/cert.pem.
Many methods are available for copying and moving files between systems, such as using the ssh
command.
6 In the Connector virtual appliance interface, issue commands to copy the certificate to the common SUSE
certificate store and create a symbolic link to the certificate file, such as the following:
cp /tmp/cert.pem /etc/ssl/certs/
c_rehash
7 In the Connector virtual appliance interface, enter the command below to import the certificate into the
Java keystore:
keytool -importcert -file /tmp/cert.pem -keystore /usr/java/jre-vmware/lib/security/cacerts -storepass changeit
8 When asked if you trust this certificate, enter yes.
9 Restart the Connector Web server using the following command:
/etc/init.d/tcserver-c2 restart
NOTE If the command to import the certificate into the Java keystore fails with the following error:
:~ # keytool -importcert -file /tmp/cert.pem -keystore /usr/java/jre-vmware/lib/security/cacerts -storepass changeit
keytool error: java.lang.Exception: Certificate not imported, alias <mykey> already exists
Delete the certificate with the alias mykey using the following command:
:~ # keytool -delete -alias mykey -keystore /usr/java/jre-vmware/lib/security/cacerts -storepass changeit
Then run the import command used in step 6 again.
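The export and import steps above as shell helpers, given here as an added example that is not part of the original guide. The function names and the alias connector-appmgr are assumptions; an explicit alias keeps the import from falling back to the default alias mykey that the note describes. The sample listing is constructed and its body is a placeholder, not a real certificate.

```sh
#!/bin/sh
# Added example: helper functions for the export and import steps, not VMware tooling.

# Print only the first PEM block from `keytool -list -rfc` output on stdin.
# On the Application Manager appliance (keystore path and password from the guide):
#   keytool -list -keystore /opt/vmware/horizon/horizoninstance/conf/tcserver.keystore \
#       -rfc -storepass changeme | extract_pem > /tmp/cert.pem
extract_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
         on                           { print }
         /-----END CERTIFICATE-----/  { if (on) exit }'
}

# Show the certificate details and fingerprints of a PEM file. Run this on both
# appliances and compare the output before answering "yes" to the trust prompt.
show_fingerprints() {
    keytool -printcert -file "$1"
}

# Import with an explicit alias. $1 = PEM file, $2 = keystore, $3 = alias.
# Refuses to import when the alias is already present instead of failing midway.
import_cert() {
    if keytool -list -alias "$3" -keystore "$2" -storepass changeit >/dev/null 2>&1; then
        echo "alias $3 already exists in $2; not importing" >&2
        return 1
    fi
    keytool -importcert -alias "$3" -file "$1" -keystore "$2" -storepass changeit
}

# Constructed sample of `keytool -list -rfc` output (placeholder certificate body).
sample_listing() {
    cat <<'EOF'
Keystore type: JKS
Your keystore contains 1 entry

Alias name: sample-entry
Certificate[1]:
-----BEGIN CERTIFICATE-----
PLACEHOLDERBASE64LINEONE
PLACEHOLDERBASE64LINETWO
-----END CERTIFICATE-----
trailing text that must not end up in cert.pem
EOF
}

# Offline demonstration: prints the four-line PEM block and nothing else.
sample_listing | extract_pem
```

On the Connector appliance the import then becomes import_cert /tmp/cert.pem /usr/java/jre-vmware/lib/security/cacerts connector-appmgr. If the keystore holds more than one entry, extract_pem returns only the first certificate listed.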
Chapter 7 Making Additional Application Manager Configurations
VMware, Inc. 39