6.0
Table Of Contents
- Scenarios for Setting Up SSL Certificates for View
- Contents
- Scenarios for Setting Up SSL Connections to View
- Obtaining SSL Certificates from a Certificate Authority
- Off-loading SSL Connections to Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Download an SSL Certificate from the Intermediate Server
- Download a Private Key from the Intermediate Server
- Convert a Certificate File to PKCS#12 Format
- Import a Signed Server Certificate into a Windows Certificate Store
- Modify the Certificate Friendly Name
- Import the Root and Intermediate Certificates into the Windows Certificate Store
- Set View Server External URLs to Point Clients to SSL Off-loading Servers
- Allow HTTP Connections From Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Index
Prerequisites
n
Verify that you received a signed certificate from a CA. See “Generate a CSR and Request a Signed
Certificate from a CA,” on page 10.
n
Perform the certreq operation described in this procedure on the computer on which you generated a
CSR and stored the signed certificate.
Procedure
1 Open a command prompt by right-clicking on Command Prompt in the Start menu and selecting Run
as administrator.
2 Navigate to the directory where you saved the signed certificate file such as cert.cer.
For example: cd c:\certificates
3 Import the signed certificate by running the certreq -accept command.
For example: certreq -accept cert.cer
The certificate is imported into the Windows local computer certificate store.
What to do next
Configure the imported certificate to be used by a View server. See “Set Up an Imported Certificate for a
View Server,” on page 13.
Set Up an Imported Certificate for a View Server
After you import a server certificate into the Windows local computer certificate store, you must take
additional steps to allow a View server to use the certificate.
Procedure
1 Verify that the server certificate was imported successfully.
2 Change the certificate Friendly name to vdm.
vdm must be lower case. Any other certificates with the Friendly name vdm must be renamed, or you
must remove the Friendly name from those certificates.
You do not have to modify the Friendly name of certificates that are used by View Composer.
3 Install the root CA certificate and intermediate CA certificate in the Windows certificate store.
4 Restart the View Connection Server service, security server service, or View Composer service to allow
the service to start using the new certificates.
5 If you use HTML Access in VMware Horizon View 5.2 or later, restart the VMware View Blast Secure
Gateway service.
6 If you are setting up a certificate on a View Composer server, you might have to take another step.
n
If you set up the new certificate after you install View Composer, you must run the SviConfig
ReplaceCertificate utility to replace the certificate that is bound to the port used by View
Composer.
n
If you set up the new certificate before you install View Composer, you do not have to run the
SviConfig ReplaceCertificate utility. When you run the View Composer installer, you can select
the new certificate that is signed by a CA instead of the default, self-signed certificate.
For more information, see "Bind a New SSL Certificate to the port Used by View Composer" in the View
Installation document.
Chapter 1 Obtaining SSL Certificates from a Certificate Authority
VMware, Inc. 13