7.0
Table Of Contents
- Using HTML Access
- Contents
- Using HTML Access
- Setup and Installation
- System Requirements for HTML Access
- Preparing View Connection Server and Security Servers for HTML Access
- Prepare Desktops, Pools, and Farms for HTML Access
- Configure HTML Access Agents to Use New SSL Certificates
- Configure HTML Access Agents to Use Specific Cipher Suites
- Configuring iOS to Use CA-Signed Certificates
- Upgrading the HTML Access Software
- Uninstall HTML Access from View Connection Server
- Data Collected by VMware
- Configuring HTML Access for End Users
- Using a Remote Desktop or Application
- Index
Set the Certificate Thumbprint in the Windows Registry
To allow the HTML Access Agent to use a CA-signed certificate that was imported into the Windows
certificate store, you must configure the certificate thumbprint in a Windows registry key. You must take
this step on each desktop on which you replace the default certificate with a CA-signed certificate.
Prerequisites
Verify that the CA-signed certificate is imported into the Windows certificate store. See “Import a Certificate
for the HTML Access Agent into the Windows Certificate Store,” on page 15.
Procedure
1 In the MMC window on the View desktop where the HTML Access Agent is installed, navigate to the
Certificates (Local Computer) > Personal > Certificates folder.
2 Double-click the CA-signed certificate that you imported into the Windows certificate store.
3 In the Certificates dialog box, click the Details tab, scroll down, and select the Thumbprint icon.
4 Copy the selected thumbprint to a text file.
For example: 31 2a 32 50 1a 0b 34 b1 65 46 13 a8 0a 5e f7 43 6e a9 2c 3e
NOTE When you copy the thumbprint, do not to include the leading space. If you inadvertently paste
the leading space with the thumbprint into the registry key (in Step 7), the certificate might not be
configured successfully. This problem can occur even though the leading space is not displayed in the
registry value text box.
5 Start the Windows Registry Editor on the desktop where the HTML Access Agent is installed.
6 Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Blast\Config registry key.
7 Modify the SslHash value and paste the certificate thumbprint into the text box.
8 Restart the VMware Blast service to make your changes take effect.
In the Windows guest operating system, the service for the HTML Access Agent is called VMware
Blast.
When a user connects to a desktop through HTML Access, the HTML Access Agent presents the CA-signed
certificate to the user's browser.
Configure HTML Access Agents to Use Specific Cipher Suites
You can configure the HTML Access Agent to use specific cipher suites instead of the default set of ciphers.
By default, the HTML Access Agent requires incoming SSL connections to use encryption based on certain
ciphers that provide strong protection against network eavesdropping and forgery. You can configure an
alternative list of ciphers for the HTML Access Agent to use. The set of acceptable ciphers is expressed in the
OpenSSL format. which is described at https://www.openssl.org/docs/apps/ciphers.html.
Procedure
1 Start the Windows Registry Editor on the desktop where the HTML Access Agent is installed.
2 Navigate to the HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware Blast\Config registry key.
3 Add a new String (REG_SZ) value, SslCiphers, and paste the cipher list in the OpenSSL format into the
text box.
Chapter 1 Setup and Installation
VMware, Inc. 17