3.0.1

Table Of Contents

View Manager Administration Guide

76 VMware, Inc.

Bydefault,inViewConnectionServerwhenaclientvisitsasecurepagesuchasView

Administratortheyarepresentedwiththeself‐signedcertificateprovidedwiththe

application.Byreadingtheservercertificatetheusercandecideiftheserverisatrusted

source,andthenaccept(orreject)theco

nnection.

ThecertificatecanbesignedbyaCertificateAuthority(CA)—atrustedthird partywho

guaranteestheidentityofthecertificateanditscreator.

TocreateyourowncertificateforViewConnectionServerdooneofthefollowing:

 Createaself‐signedcertificateforyoursystemusingthekeytoolutilityprovided

withtheJavaRuntimeEnvironment(JRE)instancethataccompaniesView

ConnectionServer.Self‐signedcertificatesareusergeneratedcertificatesthathave

notbeenofficiallyregisteredwithanytrustedCA,andarethereforenot

guaranteedtobeauthentic.

 Createacertificateandthensendacertificatesigningrequest(CSR)thatcontains

yourcertificatedetailstoaCA.Afterconductingsomechecksonthecompanyor

individualmakingtheapplication,theCAsignstherequestandencryptsitwith

theirprivatekey.Thevalidcertificateisreturnedandistheninse

rtedintoa

keystoreonViewConnectionServer.

ClientsconnectingtoViewConnectionServerarepresentedwithyourcertificate.Ifthe

certificateisself‐signedbutacceptedbytheuser,orsignedbyaCAthatistrustedby

theclientbrowser,theclientusesthepublickeycontainedwithinthecertificat

eto

encryptthedataitsendstoViewConnectionServer.Typically ,thecertificatefortheCA

itselfisembeddedinthebrowserorislocatedinatrusteddatabasethatisaccessibleby

theclient.

Onceacertificatehasbeenaccepted,theclientrespondsbysendingitsownpublickey

soth

atViewConnectionServercanencryptthedataittransmitstotheclient.Inthis

way,asecureconnectionbetweentheclientandserverisestablished.

Bydefault,ViewConnectionServerincludesaself‐signedSSLcertificatethatclients

canusetocreatesecuresessionswhentheyconnect.Thiscertificateisnottrustedby

lientsanddoesnot havethecorrectnamefortheservice,butitdoesallowconnectivity.

YoucanreplacethedefaultcertificateprovidedwithViewManagerwithaproperly

definedcertificatefortheservice.IfthecertificateissignedbyatrustedCA,userswill

notbepresen

tedwithmessagesaskingthemtoverifythecertificate,andthinclient

deviceswillbeabletoconnectwithoutrequiringadditionalconfiguration.

OTECertificatesareonlyrequiredforstandard,replica,orsecurityserversthat

receivedirectconnectionsfromtheirclients.Ifyouareusingasecurityserverasyour

client‐facingsystem,onlythisserverwillrequireacertificate.