1.5
Table Of Contents
- Installing Application Manager
- Contents
- Installing and Configuring Application Manager
- Introduction to Application Manager
- Security Considerations and System Requirements for Application Manager
- Preparing to Install Application Manager
- Installing Application Manager
- Configuring Application Manager with the Operator Setup Wizard
- Making Additional Application Manager Configurations
- Troubleshooting Application Manager
- Index
The self-signed Application Manager certificate has been copied to the Connector, allowing Application
Manager and Connector to communicate using SSL.
What to do next
Use the Application Manager deployment to verify that SSL is functioning between Application Manager and
the Connector. If an SSL problem exists, when you use the Connector Web interface and provide the activation
code, the Connector displays an error message indicating that the Connector cannot connect to a specified
URL. See the troubleshooting section of Installing and Configuring the Connector.
Configure a Third-Party CA Certificate for Application Manager
The best practice is to configure a third-party CA certificate after you have configured a self-generated
certificate.
To obtain a signed third-party CA certificate, follow the Apache Tomcat SSL Configuration instructions with
the following exceptions: instead of editing the server.xml file and creating a keystore, use the Configure Web
Server option in the Application Manager virtual appliance interface to enable the secure option and to generate
an SSL certificate. The generated certificate is automatically placed in the existing keystore, so later you can
simply replace it with your signed third-party certificate. See detailed instructions below.
Prerequisites
During the proof-of-concept phase or test phase, generate an Application Manager SSL certificate. For more
information about the recommended phases of deployment, see “Trial, Test, and Production Deployment
Phases,” on page 7.
Procedure
1 If you have not yet generated a self-signed certificate, use the Application Manager virtual appliance
interface now to generate an SSL certificate.
2 Follow the Apache Tomcat SSL Configuration instructions to create a certificate signing request (CSR).
3 Send the certificate request to the certificate authority (CA) for signing.
IMPORTANT If you determine that a wildcard certificate suits your enterprise's requirements, communicate
to the CA that you require a wildcard certificate in the format CN=*.MyDomain.com. For example, if your
hostname is Org1.mydomain.com, request a certificate with CN=*.mydomain.com. If you use a wildcard
certificate, you can also use it as the SSL certificate for the Connector.
4 Use keytool to delete the certificate you generated so that you can replace it with the signed third-party
certificate.
5 Follow the Apache Tomcat SSL Configuration instructions to import the signed third-party certificate to
the keystore. Use the following keystore information.
Keystore Location /opt/vmware/horizon/horizoninstance/conf/tcserver.keystore
Keystore Alias tcserver
Keystore Password changeme
6 Use the Application Manager virtual appliance to restart the Apache Tomcat server.
a In the Application Manager virtual appliance interface, select Configure.
b Type the number to Manage Web Server.
c Type the number to Restart Tomcat.
Installing Application Manager
40 VMware, Inc.