5.2
Table Of Contents
- Obtaining SSL Certificates for VMware Horizon View Servers
- Contents
- Obtaining SSL Certificates for VMware Horizon View Servers
- Obtaining SSL Certificates from a Certificate Authority
- Index
1 Create a CSR Configuration File on page 9
The Microsoft certreq utility uses a configuration file to generate a CSR. You must create a configuration
file before you can generate the request. Create the file and generate the CSR on the Windows Server
computer that hosts the View server that will use the certificate.
2 Generate a CSR and Request a Signed Certificate from a CA on page 10
Using the completed configuration file, you can generate a CSR by running the certreq utility. You send
the request to a third-party CA, which returns a signed certificate.
3 Verify That the CSR and Its Private Key Are Stored in the Windows Certificate Store on page 11
If you use the certreq utility to generate a CSR, the utility also generates an associated private key. The
utility stores the CSR and private key in the Windows local computer certificate store on the computer
on which you generated the CSR. You can confirm that the CSR and private key are properly stored by
using the Microsoft Management Console (MMC) Certificate snap-in.
4 Import a Signed Certificate by Using Certreq on page 12
When you have a signed certificate from a CA, you can import the certificate into the Windows local
computer certificate store on the View server host.
5 Set Up an Imported Certificate for a View Server on page 13
After you import a server certificate into the Windows local computer certificate store, you must take
additional steps to allow a View server to use the certificate.
Create a CSR Configuration File
The Microsoft certreq utility uses a configuration file to generate a CSR. You must create a configuration file
before you can generate the request. Create the file and generate the CSR on the Windows Server computer
that hosts the View server that will use the certificate.
Procedure
1 Open a text editor and paste the following text, including the beginning and ending tags, into the file.
;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$
[NewRequest]
Subject = "CN=
View_Server_FQDN
, OU=
Organizational_Unit
, O=
Organization
, L=
City
, S=
State
,
C=
Country
"
; Replace
View_Server_FQDN
with the FQDN of the View server.
; Replace the remaining Subject attributes.
KeySpec = 1
KeyLength = 2048
; KeyLength is usually chosen from 2048, 3072, or 4096. A KeyLength
; of 1024 is also supported, but it is not recommended.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
Chapter 1 Obtaining SSL Certificates from a Certificate Authority
VMware, Inc. 9