5.2
Table Of Contents
- Obtaining SSL Certificates for VMware Horizon View Servers
- Contents
- Obtaining SSL Certificates for VMware Horizon View Servers
- Obtaining SSL Certificates from a Certificate Authority
- Index
What to do next
Configure the imported certificate to be used by a View server. See “Set Up an Imported Certificate for a View
Server,” on page 13.
Set Up an Imported Certificate for a View Server
After you import a server certificate into the Windows local computer certificate store, you must take additional
steps to allow a View server to use the certificate.
Procedure
1 Verify that the server certificate was imported successfully.
2 Change the certificate Friendly name to vdm.
3 Install the root CA certificate and intermediate CA certificate in the Windows certificate store.
4 Restart the View Connection Server service, security server service, or View Composer service to allow
the View service to start using the new certificates.
To perform the tasks in this procedure, see "Configure View Connection Server, Security Server, or View
Composer to Use a New SSL Certificate" in the VMware Horizon View Installation document. Follow the
instructions in these topics:
n
"Modify the Certificate Friendly Name"
n
"Import a Root Certificate and Intermediate Certificates into a Windows Certificate Store"
NOTE The VMware Horizon View Installation topic "Import a Signed Server Certificate into a Windows Certificate
Store" is not shown here because you already imported the server certificate by using the certreq utility. You
should not use the MMC Snap-in to import the server certificate again.
However, you can use the MMC Snap-in to import the root CA certificate and intermediate CA certificate into
the Windows certificate store, as described in the VMware Horizon View Installation document.
Convert a Certificate File to PKCS#12 Format
If you obtained a certificate and its private key in PEM or another format, you must convert it to PKCS#12
(PFX) format before you can import the certificate into a Windows certificate store on a View server host.
You might obtain a certificate keystore file from a CA, or your organization might provide you with certificate
files, in various formats. For example, your certificates might be in PEM format, which is often used in a Linux
environment. Your files might have a certificate file, key file, and CSR file with the following extensions:
server.crt
server.csr
server.key
The CRT file contains the SSL certificate that was returned by the CA. The CSR file is the original certificate
signing request file and is not needed. The KEY file contains the private key.
Prerequisites
Verify that OpenSSL is installed on the system. You can download openssl from http://www.openssl.org. To
run openssl from any directory on the system, see “Add openssl to the System Path,” on page 14.
Chapter 1 Obtaining SSL Certificates from a Certificate Authority
VMware, Inc. 13