5.2
Table Of Contents
- Obtaining SSL Certificates for VMware Horizon View Servers
- Contents
- Obtaining SSL Certificates for VMware Horizon View Servers
- Obtaining SSL Certificates from a Certificate Authority
- Index
Obtaining SSL Certificates from a
Certificate Authority 1
VMware strongly recommends that you configure SSL certificates that are signed by a valid Certificate
Authority (CA) for use by View Connection Server instances, security servers, and View Composer instances.
Default SSL certificates are generated when you install View Connection Server, security server, or View
Composer instances. Although you can use the default, self-signed certificates for testing purposes, replace
them as soon as possible. The default certificates are not signed by a CA. Use of certificates that are not signed
by a CA can allow untrusted parties to intercept traffic by masquerading as your server.
In a View environment, you should also replace the default certificate that is installed with vCenter Server
with a certificate that is signed by a CA. You can use openssl to perform this task for vCenter Server. For details,
see "Replacing vCenter Server Certificates" on the VMware Technical Papers site at
http://www.vmware.com/resources/techresources/.
This chapter includes the following topics:
n
“Determining If This Document Applies to You,” on page 7
n
“Selecting the Correct Certificate Type,” on page 8
n
“Generating a Certificate Signing Request and Obtaining a Certificate with Microsoft Certreq,” on
page 8
n
“Convert a Certificate File to PKCS#12 Format,” on page 13
Determining If This Document Applies to You
In View 5.1 and later, you configure certificates for View by importing the certificates into the Windows local
computer certificate store on the View server host.
Before you can import a certificate, you must generate a Certificate Signing Request (CSR) and obtain a valid,
signed certificate from a CA. If the CSR is not generated according to the example procedure described in this
document, the resulting certificate and its private key must be available in a PKCS#12 (formerly called PFX)
format file.
There are many ways to obtain SSL certificates from a CA. This document shows how to use the Microsoft
certreq utility to generate a CSR and make a certificate available to a View server. You can use another method
if you are familiar with the required tools, and they are installed on your server.
Use this document to solve the following problems:
n
You do not have SSL certificates that are signed by a CA, and you do not know how to obtain them
n
You have valid, signed SSL certificates, but they are not in PKCS#12 (PFX) format
If your organization provides you with SSL certificates that are signed by a CA, you can use these certificates.
Your organization can use a valid internal CA or a third-party, commercial CA. If your certificates are not in
PKCS#12 format, you must convert them. See “Convert a Certificate File to PKCS#12 Format,” on page 13.
VMware, Inc.
7