7.0
Table Of Contents
- Using HTML Access
- Contents
- Using HTML Access
- Setup and Installation
- System Requirements for HTML Access
- Preparing View Connection Server and Security Servers for HTML Access
- Prepare Desktops, Pools, and Farms for HTML Access
- Configure HTML Access Agents to Use New SSL Certificates
- Configure HTML Access Agents to Use Specific Cipher Suites
- Configuring iOS to Use CA-Signed Certificates
- Upgrading the HTML Access Software
- Uninstall HTML Access from View Connection Server
- Data Collected by VMware
- Configuring HTML Access for End Users
- Using a Remote Desktop or Application
- Index
You can now access a remote desktop or application from a Web browser when you are using a client device
that does not or cannot have Horizon Client software installed in its operating system.
What to do next
For added security, if your security policies require that the Blast agent on the remote desktop uses an SSL
certificate from a certificate authority, see “Configure HTML Access Agents to Use New SSL Certificates,”
on page 14.
Configure HTML Access Agents to Use New SSL Certificates
To comply with industry or security regulations, you can replace the default SSL certificates that are
generated by the HTML Access Agent with certificates that are signed by a Certificate Authority (CA).
When you install the HTML Access Agent on View desktops, the HTML Access Agent service creates
default, self-signed certificates. The service presents the default certificates to browsers that use
HTML Access to connect to View.
NOTE In the guest operating system on the desktop virtual machine, this service is called the VMware Blast
service.
To replace the default certificates with signed certificates that you obtain from a CA, you must import a
certificate into the Windows local computer certificate store on each View desktop. You must also set a
registry value on each desktop that allows the HTML Access Agent to use the new certificate.
If you replace the default HTML Access Agent certificates with CA-signed certificates, VMware
recommends that you configure a unique certificate on each desktop. Do not configure a CA-signed
certificate on a parent virtual machine or template that you use to create a desktop pool. That approach
would result in hundreds or thousands of desktops with identical certificates.
Procedure
1 Add the Certificate Snap-In to MMC on a View Desktop on page 15
Before you can add certificates to the Windows local computer certificate store, you must add the
Certificate snap-in to the Microsoft Management Console (MMC) on the View desktops where the
HTML Access Agent is installed.
2 Import a Certificate for the HTML Access Agent into the Windows Certificate Store on page 15
To replace a default HTML Access Agent certificate with a CA-signed certificate, you must import the
CA-signed certificate into the Windows local computer certificate store. Perform this procedure on
each desktop where the HTML Access Agent is installed.
3 Import Root and Intermediate Certificates for the HTML Access Agent on page 16
If the root certificate and intermediate certificates in the certificate chain are not imported with the SSL
certificate that you imported for the HTML Access Agent, you must import these certificates into the
Windows local computer certificate store.
4 Set the Certificate Thumbprint in the Windows Registry on page 17
To allow the HTML Access Agent to use a CA-signed certificate that was imported into the Windows
certificate store, you must configure the certificate thumbprint in a Windows registry key. You must
take this step on each desktop on which you replace the default certificate with a CA-signed certificate.
Using HTML Access
14 VMware, Inc.