Installation guide
Table Of Contents
- VMware View Installation Guide
- Contents
- About This Book
- System Requirements for Server Components
- System Requirements for Client Components
- Supported Operating Systems for View Agent
- Supported Operating Systems for View Client and View Client with Local Mode
- Hardware Requirements for Local Mode Desktops
- Client Browser Requirements for View Portal
- Remote Display Protocol and Software Support
- Adobe Flash Requirements
- Smart Card Authentication Requirements
- Preparing Active Directory
- Configuring Domains and Trust Relationships
- Creating an OU for View Desktops
- Creating OUs and Groups for Kiosk Mode Client Accounts
- Creating Groups for View Users
- Creating a User Account for vCenter Server
- Create a User Account for View Composer
- Configure the Restricted Groups Policy
- Using View Group Policy Administrative Template Files
- Prepare Active Directory for Smart Card Authentication
- Installing View Composer
- Installing View Connection Server
- Installing the View Connection Server Software
- Installation Prerequisites for View Connection Server
- Install View Connection Server with a New Configuration
- Install a Replicated Instance of View Connection Server
- Configure a Security Server Pairing Password
- Install a Security Server
- Microsoft Windows Installer Command-Line Options
- Uninstalling View Products Silently by Using MSI Command-Line Options
- Configuring User Accounts for vCenter Server and View Composer
- Where to Use the vCenter Server User and Domain User for View Composer
- Configure a vCenter Server User for View Manager, View Composer, and Local Mode
- View Manager Privileges Required for the vCenter Server User
- View Composer Privileges Required for the vCenter Server User
- Local Mode Privileges Required for the vCenter Server User
- Configuring View Connection Server for the First Time
- Configuring View Client Connections
- Sizing Windows Server Settings to Support Your Deployment
- Installing the View Connection Server Software
- Installing View Transfer Server
- Configuring Certificate Authentication
- Replacing the Default Certificate
- Add keytool and openssl to the System Path
- Export an Existing Microsoft IIS SSL Server Certificate
- Creating a New SSL Certificate
- Configure a View Connection Server Instance or Security Server to Use a New Certificate
- Configure a View Transfer Server Instance to Use a New Certificate
- Configure SSL for Client Connections
- Configure SSL for View Transfer Server Communications
- Using Group Policy to Configure Certificate Checking in View Client
- Creating an Event Database
- Installing and Starting View Client
- Install the Windows-Based View Client or View Client with Local Mode
- Start the Windows-Based View Client or View Client with Local Mode
- Install View Client by Using View Portal
- Install View Client on Mac OS X
- Start View Client on Mac OS X
- Set Printing Preferences for the Virtual Printer Feature
- Using USB Printers
- Installing View Client Silently
- Index
6 Select Export the current certificate to a .pfx file and click Next.
7 Specify a filename for the certificate file and click Next.
8 Type and confirm a password to be used to encrypt the information you want to export and click Next.
The system displays summary information about the certificate you are about export.
9 Verify the summary information and click Next > Finish.
What to do next
Configure your View Connection Server instance, security server, or View Transfer Server instance to use the
certificate. See “Configure a View Connection Server Instance or Security Server to Use a New Certificate,” on
page 80 or “Configure a View Transfer Server Instance to Use a New Certificate,” on page 81.
Creating a New SSL Certificate
You can create a new certificate to replace the default server SSL certificate provided with View Connection
Server. When you create a new certificate, you must decide whether it should be self-signed or signed by a
CA.
Because self-signed certificates are not officially registered with a trusted CA, they are not guaranteed to be
authentic. While adequate for data encryption between server and client, self-signed certificates do not provide
reliable information about the location of the software application or the corporate entity responsible for its
administration.
A CA is a trusted third party that guarantees the identity of the certificate and its creator. When a certificate is
signed by a trusted CA, users no longer receive messages asking them to verify the certificate, and thin client
devices can connect without requiring additional configuration. If your clients need to determine the origin
and integrity of the data they receive, you should obtain a CA-signed certificate.
1 Generate a Keystore and Certificate on page 77
Whether you plan to use a self-signed certificate, or to obtain a signed certificate from a CA, you must
use keytool to generate a keystore file and a self-signed certificate.
2 Obtain a Signed Certificate from a CA on page 78
To obtain a signed certificate from a CA, you must create a CSR. For testing purposes, you can obtain a
free temporary certificate based on an untrusted root from Thawte, VeriSign, or GlobalSign.
3 Convert a PKCS#12 Certificate to PKCS#7 Format on page 79
If you obtained a certificate in PKCS#12 format, you must convert it to PKCS#7 format before importing
it into your keystore file.
4 Import a Signed Certificate into a Keystore File on page 79
If you obtained a signed certificate from a CA, or if you exported an existing Microsoft IIS SSL server
certificate, use keytool to import the certificate into your keystore file.
Generate a Keystore and Certificate
Whether you plan to use a self-signed certificate, or to obtain a signed certificate from a CA, you must use
keytool to generate a keystore file and a self-signed certificate.
When you initially create a keystore file, the first certificate in the keystore file is a self-signed certificate. Later,
if you obtain a signed certificate from a CA, you import the response from the CA into the keystore file and
the self-signed certificate is replaced.
Prerequisites
Add keytool to the system path on your host. See “Add keytool and openssl to the System Path,” on
page 76.
Chapter 7 Configuring Certificate Authentication
VMware, Inc. 77