7.0
Table Of Contents
- Scenarios for Setting Up SSL Certificates for View
- Contents
- Scenarios for Setting Up SSL Connections to View
- Obtaining SSL Certificates from a Certificate Authority
- Off-loading SSL Connections to Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Download an SSL Certificate from the Intermediate Server
- Download a Private Key from the Intermediate Server
- Convert a Certificate File to PKCS#12 Format
- Import a Signed Server Certificate into a Windows Certificate Store
- Modify the Certificate Friendly Name
- Import the Root and Intermediate Certificates into the Windows Certificate Store
- Set View Server External URLs to Point Clients to SSL Off-loading Servers
- Allow HTTP Connections From Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Index
Generating a Certificate Signing Request and Obtaining a Certificate
with Microsoft Certreq
To make a certificate available to a View server, you must create a configuration file, generate a certificate
signing request (CSR) from the configuration file, and send the signing request to a CA. When the CA
returns the certificate, you must import the signed certificate into the Windows local computer certificate
store on the View server host, where it joins the previously generated private key.
A CSR can be generated in several ways, depending on how the certificate itself will be generated.
The Microsoft certreq utility is available on Windows Server 2008 R2 and can be used to generate a CSR
and import a signed certificate. If you intend to send a request to a third-party CA, using certreq is the
quickest and simplest way to obtain a certificate for View.
1 Create a CSR Configuration File on page 9
The Microsoft certreq utility uses a configuration file to generate a CSR. You must create a
configuration file before you can generate the request. Create the file and generate the CSR on the
Windows Server computer that hosts the View server that will use the certificate.
2 Generate a CSR and Request a Signed Certificate from a CA on page 11
Using the completed configuration file, you can generate a CSR by running the certreq utility. You
send the request to a third-party CA, which returns a signed certificate.
3 Verify That the CSR and Its Private Key Are Stored in the Windows Certificate Store on page 12
If you use the certreq utility to generate a CSR, the utility also generates an associated private key.
The utility stores the CSR and private key in the Windows local computer certificate store on the
computer on which you generated the CSR. You can confirm that the CSR and private key are
properly stored by using the Microsoft Management Console (MMC) Certificate snap-in.
4 Import a Signed Certificate by Using Certreq on page 13
When you have a signed certificate from a CA, you can import the certificate into the Windows local
computer certificate store on the View server host.
5 Set Up an Imported Certificate for a View Server on page 13
After you import a server certificate into the Windows local computer certificate store, you must take
additional steps to allow a View server to use the certificate.
Create a CSR Configuration File
The Microsoft certreq utility uses a configuration file to generate a CSR. You must create a configuration
file before you can generate the request. Create the file and generate the CSR on the Windows Server
computer that hosts the View server that will use the certificate.
Prerequisites
Gather the information that you need to fill out the configuration file. You must know the FQDN of the
View server and the organizational unit, organization, city, state, and country to complete the Subject name.
Procedure
1 Open a text editor and paste the following text, including the beginning and ending tags, into the file.
;----------------- request.inf -----------------
[Version]
Signature="$Windows NT$"
Chapter 1 Obtaining SSL Certificates from a Certificate Authority
VMware, Inc. 9