6.1
Table Of Contents
- Scenarios for Setting Up SSL Certificates for View
- Contents
- Scenarios for Setting Up SSL Connections to View
- Obtaining SSL Certificates from a Certificate Authority
- Off-loading SSL Connections to Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Download an SSL Certificate from the Intermediate Server
- Download a Private Key from the Intermediate Server
- Convert a Certificate File to PKCS#12 Format
- Import a Signed Server Certificate into a Windows Certificate Store
- Modify the Certificate Friendly Name
- Import the Root and Intermediate Certificates into the Windows Certificate Store
- Set View Server External URLs to Point Clients to SSL Off-loading Servers
- Allow HTTP Connections From Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Index
Do not confuse load balancing with SSL off-loading. The preceding requirement applies to any device that is
configured to provide SSL off-loading, including some types of load balancers. However, pure load
balancing does not require copying of certificates between devices.
IMPORTANT The scenario described in the following topics shows one approach to the sharing of SSL
certificates between third-party components and VMware components. This approach may not suit
everyone and it is not the only way to perform the task.
1 Download an SSL Certificate from the Intermediate Server on page 16
You must download the CA-signed SSL certificate that is installed on the intermediate server so that it
can be imported into the external-facing View servers.
2 Download a Private Key from the Intermediate Server on page 17
You must download the private key that is associated with the SSL certificate on the intermediate
server. The private key must be imported with the certificate into the View servers.
3 Convert a Certificate File to PKCS#12 Format on page 18
If you obtained a certificate and its private key in PEM or another format, you must convert it to
PKCS#12 (PFX) format before you can import the certificate into a Windows certificate store on a View
server. PKCS#12 (PFX) format is required if you use the Certificate Import wizard in the Windows
certificate store.
4 Import a Signed Server Certificate into a Windows Certificate Store on page 18
You must import the SSL server certificate into the Windows local computer certificate store on the
Windows Server host on which the View Connection Server instance or security server service is
installed.
5 Modify the Certificate Friendly Name on page 19
To configure a View Connection Server instance or security server to recognize and use an SSL
certificate, you must modify the certificate Friendly name to vdm.
6 Import the Root and Intermediate Certificates into the Windows Certificate Store on page 20
You must import the root certificate and any intermediate certificates in the certificate chain into the
Windows local computer certificate store.
Download an SSL Certificate from the Intermediate Server
You must download the CA-signed SSL certificate that is installed on the intermediate server so that it can
be imported into the external-facing View servers.
Procedure
1 Connect to the intermediate server and find the SSL certificates that are presented to clients sending
HTTPS requests.
2 Find and download the SSL certificate that is used for View.
Example: Download an SSL Certificate from an F5 BIG-IP LTM System
This example uses F5 BIG-IP Local Traffic Manager (LTM) as an intermediate server. The example is
intended to give you a general idea of how you might download a certificate from your own intermediate
server.
IMPORTANT These steps are specific to F5 BIG-IP LTM and may not apply to new releases or other F5
products. The steps do not apply to other vendors' intermediate servers.
Scenarios for Setting Up SSL Certificates for View
16 VMware, Inc.