3.0.1
Table Of Contents
- Administration Guide
- Contents
- About This Book
- Introduction
- Installation
- View Administrator
- Virtual Desktop Deployment
- Client Management
- View Client and View Portal
- Client Connections from the Internet
- Creating SSL Server Certificates
- Using Existing SSL Certificates
- Smart Card Authentication
- RSA SecurID Authentication
- View Client Command Line Options
- Virtual Printing
- View Composer
- Offline Desktop
- Component Policies
- Unified Access
- Troubleshooting
- Glossary
- Index
VMware, Inc. 77
Chapter 5 Client Management
TocreateandinstallyourowncertificateyoumustfirstaddtheJavakeytoolutilityto
yourcommandpathsothatyoucanexecuteitfromanylocationusingthecommand
prompt.Oncethisisdoneyoucancreateaself‐signedSSLcertificateusingthekeytool
utility.
Toobtainavalidatedcertificat
ethathasbeensignedbyatrustedcertificateauthority
youmustfirstsubmitacertificatesigningrequest(CSR)toatheCAinordertoreceive
atrustedcertificate.OnceyouhavereceivedatrustedcertificatefromtheCAyoucan
importitintothekeystorefortheViewCon
nectionServer,andthenconfigureView
ConnectionServertouseit.
To add the Java keytool to the system path
1PresstheWindowskey+BreaktodisplaytheWindowsSystemPropertiesdialog
box.
2UndertheAdvancedtab,clickonEnvironmentVariables.
3IntheSystemvariablesgroup,selectPATHandthenclickEdit.
4IntheVariablevaluefieldaddthepathtotheJREinst
allationdirectory:
C:\Program Files\VMware\View Manager\Server\jre\bin
Ensurethatthisentryisdelimitedwithasemicolon(;)fromanyotherentries
presentinthefield.
5ClickOK>OK>OKtoclosetheWindowsSystemPropertiesdialogbox.
Creating an SSL Certificate
Decidingwhatnametobindtoacertificateisanimportantconsideration.Acertificate
bindsthenameoftheservicetoacryptographickeypairand,indoingso,assumes
ownershipoftheserviceandkeys.Oncethecertificateissignedtheclientcantrustthe
server(anditscryptographickey)beca
usetheCAindependentlydeterminedthatthe
organizationthatisclaimingownershiprequestedthekey.
Themostimportantpartofthecertificateisthecommonname(CN)attribute.Usethe
fullyqualifieddomainnamethattheclientcomputerusestoconnecttotheView
ConnectionServer.Inasingle‐serverenvironment,thenameisty
picallythenameof
theserver.Ifloadbalancingisbeingused,usetheload‐balancedname.
N
OTEYoumayalreadyhaveanSSLcertificatethatyouwanttousewithView
ConnectionServer.Referto“UsingExistingSSLCertificates”onpage 81formore
informationonhowtodothis.