6.0
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;-----------------------------------------------
If an extra CR/LF character is added to the Subject = line when you copy and paste the text, delete the
CR/LF character.
2 Update the Subject attributes with appropriate values for your View server and deployment.
For example: CN=dept.company.com
NOTE Some CAs do not allow you to use abbreviations for the state attribute.
3 (Optional) Update the KeyLength attribute.
The default value, 2048, is adequate unless you specifically need a different KeyLength size. Many CAs
require a minimum value of 2048. Larger key sizes are more secure but have a greater impact on
performance.
A KeyLength of 1024 is also supported, although the National Institute of Standards and Technology
(NIST) recommends against keys of this size, as computers continue to become more powerful and can
potentially crack stronger encryption.
IMPORTANT Do not generate a KeyLength value under 1024. Horizon Client for Windows will not
validate a certificate on a View server that was generated with a KeyLength under 1024, and the
Horizon Client devices will fail to connect to View. Certificate validations that are performed by View
Connection Server will also fail, resulting in the affected View servers showing as red in the View
Administrator dashboard.
4 Save the file as request.inf.
What to do next
Generate a CSR from the configuration file.
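A pre-flight check for the saved request.inf, as an added example that is not part of the VMware documentation: it flags a Subject value broken by a stray CR/LF, a KeyLength outside the limits described above, and a missing Server Authentication OID. The function name Test-CsrRequestInf, the constructed sample file and the assumption that Subject is written as one double-quoted string are this example's own.

```powershell
# Added example: pre-flight check for request.inf before running certreq.
function Test-CsrRequestInf {
    param([string[]]$Lines)
    # Drop ';' comments, surrounding whitespace and blank lines.
    $clean = @($Lines | ForEach-Object { ($_ -replace ';.*$', '').Trim() } | Where-Object { $_ })
    $keyLength = $null; $subject = $null; $serverAuth = $false
    foreach ($l in $clean) {
        if     ($l -match '^KeyLength\s*=\s*(\d+)$') { $keyLength = [int]$Matches[1] }
        elseif ($l -match '^Subject\s*=\s*(.*)$')    { $subject = $Matches[1] }
        elseif ($l -match '^OID\s*=\s*1\.3\.6\.1\.5\.5\.7\.3\.1$') { $serverAuth = $true }
    }
    $findings = @()
    # Assumption: Subject is one double-quoted string on a single line.
    if ($null -eq $subject) {
        $findings += 'FAIL Subject: no Subject line found'
    } elseif ($subject -notmatch '^"[^"]+"$') {
        $findings += 'FAIL Subject: value is not one quoted string on one line (stray CR/LF from copy and paste?)'
    }
    if ($null -eq $keyLength) {
        $findings += 'WARN KeyLength: no KeyLength line found'
    } elseif ($keyLength -lt 1024) {
        $findings += "FAIL KeyLength: $keyLength is under 1024; Horizon Client for Windows will not validate the certificate"
    } elseif ($keyLength -lt 2048) {
        $findings += "WARN KeyLength: $keyLength is below 2048, which many CAs require as a minimum"
    }
    if (-not $serverAuth) {
        $findings += 'FAIL EKU: Server Authentication OID 1.3.6.1.5.5.7.3.1 not listed'
    }
    $findings
}

# Constructed sample: Subject split by a pasted line break, KeyLength lowered to 1024.
$sample = @'
[NewRequest]
Subject = "CN=dept.company.com, OU=IT, O=Company,
L=City, S=California, C=US"
KeyLength = 1024
Exportable = TRUE
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
'@ -split "`r?`n"

Test-CsrRequestInf -Lines $sample
# For the real file: Test-CsrRequestInf -Lines (Get-Content .\request.inf)
```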
Generate a CSR and Request a Signed Certificate from a CA
Using the completed configuration file, you can generate a CSR by running the certreq utility. You send the
request to a third-party CA, which returns a signed certificate.
Prerequisites
- Verify that you completed a CSR configuration file. See “Create a CSR Configuration File,” on page 9.
- Perform the certreq operation described in this procedure on the computer where the CSR configuration file is located.
Scenarios for Setting Up SSL Certificates for View
10 VMware, Inc.