6.0
Table Of Contents
- Scenarios for Setting Up SSL Certificates for View
- Contents
- Scenarios for Setting Up SSL Connections to View
- Obtaining SSL Certificates from a Certificate Authority
- Off-loading SSL Connections to Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Download an SSL Certificate from the Intermediate Server
- Download a Private Key from the Intermediate Server
- Convert a Certificate File to PKCS#12 Format
- Import a Signed Server Certificate into a Windows Certificate Store
- Modify the Certificate Friendly Name
- Import the Root and Intermediate Certificates into the Windows Certificate Store
- Set View Server External URLs to Point Clients to SSL Off-loading Servers
- Allow HTTP Connections From Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Index
Procedure
1 In View Administrator, select View Configuration > Servers.
2 Select the Security Servers tab, select the security server, and click Edit.
3 Type the Secure Tunnel external URL in the External URL text box.
The URL must contain the protocol, client-resolvable security server host name and port number.
For example: https://myserver.example.com:443
NOTE You can use the IP address if you have to access a security server when the host name is not
resolvable. However, the host that you contact will not match the SSL certificate that is configured for
the security server, resulting in blocked access or access with reduced security.
4 Click OK to save your changes.
View Administrator sends the updated external URL to the security server. You do not need to restart the
security server service for the changes to take effect.
Allow HTTP Connections From Intermediate Servers
When SSL is off-loaded to an intermediate server, you can configure View Connection Server instances or
security servers to allow HTTP connections from the client-facing, intermediate devices. The intermediate
devices must accept HTTPS for Horizon Client connections.
To allow HTTP connections between View servers and intermediate devices, you must configure the
locked.properties file on each View Connection Server instance and security server on which HTTP
connections are allowed.
Even when HTTP connections between View servers and intermediate devices are allowed, you cannot
disable SSL in View. View servers continue to accept HTTPS connections as well as HTTP connections.
NOTE If your Horizon clients use smart card authentication, the clients must make HTTPS connections
directly to View Connection Server or security server. SSL off-loading is not supported with smart card
authentication.
Procedure
1 Create or edit the locked.properties file in the SSL gateway configuration folder on the View
Connection Server or security server host.
For example: install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties
2 To configure the View server's protocol, add the serverProtocol property and set it to http.
The value http must be typed in lower case.
3 (Optional) Add properties to configure a non-default HTTP listening port and a network interface on
the View server.
n
To change the HTTP listening port from 80, set serverPortNonSSL to another port number to which
the intermediate device is configured to connect.
n
If the View server has more than one network interface, and you intend the server to listen for
HTTP connections on only one interface, set serverHostNonSSL to the IP address of that network
interface.
4 Save the locked.properties file.
5 Restart the View Connection Server service or security server service to make your changes take effect.
Scenarios for Setting Up SSL Certificates for View
22 VMware, Inc.