5.2
Table Of Contents
- Obtaining SSL Certificates for VMware Horizon View Servers
- Contents
- Obtaining SSL Certificates for VMware Horizon View Servers
- Obtaining SSL Certificates from a Certificate Authority
- Index
When you have a signed certificate in the proper format, you can import it into the Windows certificate store
and configure a View server to use it. To learn more about these tasks, see "Configuring SSL Certificates for
View Servers" in the VMware Horizon View Installation document.
Selecting the Correct Certificate Type
You can use various types of SSL certificates with View. Selecting the correct certificate type for your
deployment is critical. Different certificate types vary in cost, depending on the number of servers on which
they can be used.
Single Server Name Certificate
You can generate a certificate with a subject name for a specific server. For example: dept.company.com.
This type of certificate is useful if, for example, only one View Connection Server instance needs a certificate.
When you submit a certificate signing request to a CA, you provide the server name that will be associated
with the certificate. Be sure that the View server can resolve the server name you provide so that it matches
the name associated with the certificate.
Subject Alternative Names
A Subject Alternative Name (SAN) is an attribute that can be added to a certificate when it is being issued. You
use this attribute to add subject names (URLs) to a certificate so that it can validate more than one server.
For example, a certificate might be issued for a server with the host name dept.company.com. You intend the
certificate to be used by external users connecting to View through a security server. Before the certificate is
issued, you can add the SAN dept-int.company.com to the certificate to allow the certificate to be used on View
Connection Server instances or security servers behind a load balancer when tunnelling is enabled.
Wildcard Certificate
A wildcard certificate is generated so that it can be used for multiple services. For example: *.company.com.
A wildcard is useful if many servers need a certificate. If other applications in your environment in addition
to View need SSL certificates, you can use a wildcard certificate for those servers, too.
NOTE You can use a wildcard certificate only on a single level of domain. For example, a wildcard certificate
with the subject name *.company.com can be used for the subdomain dept.company.com but not
dept.it.company.com.
Generating a Certificate Signing Request and Obtaining a Certificate
with Microsoft Certreq
To make a certificate available to a View server, you must create a configuration file, generate a certificate
signing request (CSR) from the configuration file, and send the signing request to a CA. When the CA returns
the certificate, you must import the signed certificate into the Windows local computer certificate store on the
View server host, where it joins the previously generated private key.
A CSR can be generated in several ways, depending on how the certificate itself will be generated.
The Microsoft certreq utility is available on Windows Server 2008 R2 and can be used to generate a CSR and
import a signed certificate. If you intend to send a request to a third-party CA, using certreq is the quickest
and simplest way to obtain a certificate for VMware Horizon View.
Obtaining SSL Certificates for VMware Horizon View Servers
8 VMware, Inc.