6.0
Table Of Contents
- Scenarios for Setting Up SSL Certificates for View
- Contents
- Scenarios for Setting Up SSL Connections to View
- Obtaining SSL Certificates from a Certificate Authority
- Off-loading SSL Connections to Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Download an SSL Certificate from the Intermediate Server
- Download a Private Key from the Intermediate Server
- Convert a Certificate File to PKCS#12 Format
- Import a Signed Server Certificate into a Windows Certificate Store
- Modify the Certificate Friendly Name
- Import the Root and Intermediate Certificates into the Windows Certificate Store
- Set View Server External URLs to Point Clients to SSL Off-loading Servers
- Allow HTTP Connections From Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Index
Verify That the CSR and Its Private Key Are Stored in the Windows Certificate
Store
If you use the certreq utility to generate a CSR, the utility also generates an associated private key. The
utility stores the CSR and private key in the Windows local computer certificate store on the computer on
which you generated the CSR. You can confirm that the CSR and private key are properly stored by using
the Microsoft Management Console (MMC) Certificate snap-in.
The private key must later be joined with the signed certificate to enable the certificate to be properly
imported and used by a View server.
Prerequisites
n
Verify that you generated a CSR by using the certreq utility and requested a signed certificate from a
CA. See “Generate a CSR and Request a Signed Certificate from a CA,” on page 10.
n
Familiarize yourself with the procedure for adding a Certificate snap-in to the Microsoft Management
Console (MMC). See "Add the Certificate Snap-in to MMC" in the chapter, "Configuring SSL Certificates
for View Servers," in the View Installation document.
Procedure
1 On the Windows Server computer, add the Certificate snap-in to MMC.
2 In the MMC window on the Windows Server computer, expand the Certificates (Local Computer)
node and select the Certificate Enrollment Request folder.
3 Expand the Certificate Enrollment Request folder and select the Certificates folder.
4 Verify that the certificate entry is displayed in the Certificates folder.
The Issued To and Issued By fields must show the domain name that you entered in the subject:CN
field of the request.inf file that was used to generate the CSR.
5 Verify that the certificate contains a private key by taking one of the following steps:
n
Verify that a yellow key appears on the certificate icon.
n
Double-click the certificate and verify that the following statement appears in the Certificate
Information dialog box: You have a private key that corresponds to this certificate..
What to do next
Import the certificate into the Windows local computer certificate store.
Import a Signed Certificate by Using Certreq
When you have a signed certificate from a CA, you can import the certificate into the Windows local
computer certificate store on the View server host.
If you used the certreq utility to generate a CSR, the certificate private key is local to the server on which
you generated the CSR. To work correctly, the certificate must be combined with the private key. Use the
certreq command shown in this procedure to ensure that the certificate and private key are properly
combined and imported into the Windows certificate store.
If you use another method to obtain a signed certificate from a CA, you can use the Certificate Import
wizard in the Microsoft Management Console (MMC) Snap-in to import a certificate into the Windows
certificate store. This method is described in "Configuring SSL Certificates for View Servers" in the View
Installation document.
Scenarios for Setting Up SSL Certificates for View
12 VMware, Inc.