3.0.1
Table Of Contents
- Administration Guide
- Contents
- About This Book
- Introduction
- Installation
- View Administrator
- Virtual Desktop Deployment
- Client Management
- View Client and View Portal
- Client Connections from the Internet
- Creating SSL Server Certificates
- Using Existing SSL Certificates
- Smart Card Authentication
- RSA SecurID Authentication
- View Client Command Line Options
- Virtual Printing
- View Composer
- Offline Desktop
- Component Policies
- Unified Access
- Troubleshooting
- Glossary
- Index
VMware, Inc. 83
Chapter 5 Client Management
Obtaining a Root Certificate
YoumustobtaintherootcertificatefromtheCAthatsignedthecertificatesonthesmart
cardspresentedbyyourusers.Therootcertificateisobtainedfromoneofthefollowing
sources:
MicrosoftIISserverrunningMicrosoftCertificateServices.Theprocedurefor
installingMicrosoftIIS,issuingcertificates,anddistributingtheminyour
organizationexceedsthescopeofthisguide.RefertothefollowingWebresources
tolearnmoreaboutthesetasks:
HowtoInstallIISonWindowsServer2003:
http://technet.microsoft.com/library/aa998483.aspx
ManagingMicrosoftCertificateServices:
http://technet.microsoft.com/library/bb727098.aspx
Thepublicrootcertificateofatrustedthird‐partyCA.Thisisthemorelikely
sourceinenvironmentswithapre‐existingsmartcardinfrastructureanda
standardizedapproachtosmartcarddistributionandauthentication(forexample,
governmentalormilitaryestablishments).
Onceyouhavedeterminedthecorrectcertificatetobeused,lookingatthesi
gning
chainwilllistaseriesofsigningauthorities.Usuallythebestcertificatetoselectisthe
intermediateauthorityimmediatelyabovetheusercertificate.Checkthatthisisnot
usedtosignothercertificatesonthecard.
Exporting a Root Certificate from a User Certificate
IfyoudonothavetherootcertificateoftheCAbuthavebeenprovidedwithaCA
signedusercertificate,orasmartcardthatcontainsone,youcanexporttheroot
certificatefromthisinformationiftherootcertificateistrustedbyyoursystem.
To export a root certificate from a user certificate
1StartInternetExplorerandclickTo
ols>InternetOptions.
2UndertheContenttab,clickCertificates.
N
OTEIfyouhavebeenprovidedwithasmartcardthatcontainsausercertificate,
insertthesmartcardintothereader.Inmanycasesthiswillautomaticallyaddtheuser
certificatetoyourpersonalstore.Ifthisdoesnothappenyoumustusethesoftwarethat
accompaniesthereadertoexporttheus
ercertificatetoafilewhichyoucanthenimport
intoInternetExplorerduringthefollowingprocedure.