3.0.1
Table Of Contents
- Administration Guide
- Contents
- About This Book
- Introduction
- Installation
- View Administrator
- Virtual Desktop Deployment
- Client Management
- View Client and View Portal
- Client Connections from the Internet
- Creating SSL Server Certificates
- Using Existing SSL Certificates
- Smart Card Authentication
- RSA SecurID Authentication
- View Client Command Line Options
- Virtual Printing
- View Composer
- Offline Desktop
- Component Policies
- Unified Access
- Troubleshooting
- Glossary
- Index
View Manager Administration Guide
86 VMware, Inc.
Using keytool to Create a Truststore
Fromacommandprompt,enterthefollowingwhere<alias>isaunique(case‐insensitive)
nameforanewentityentryinthetruststore(inthiscase,thecertificateyouareaboutto
import),<certificate>isthenameof therootCAcertificateyoupreviouslyobtained
orexported,and<truststore filename>isthenam
eofthetruststoreoutputfile:
keytool -import -alias <alias> -file <certificate> -keystore
<truststore_filename>
Enabling Smart Card Authentication on the Server
AlltypesofViewConnectionServersupportsmartcardauthenticationbutitis
recommendedthatonlysecurityserversareconfiguredtoallowsmartcardaccess.
If youaddsmartcardsupporttostandardorreplicaserversyouwillbepromptedto
selectacertificateeverytimeyouconnecttoViewAdministratoronthosesy
stems.
To add smart card authentication to View Connection Server
1Copythetruststorefileyoupreviouslycreated(<truststore_filename>)tothe
followinglocationonViewConnectionServer:
C:\Program Files\VMware\View Manager\Server\sslgateway\conf
2 Createatextfilecalledlocked.propertiesthatcontainsthefollowingentries:
trustKeyfile=<truststore filename>
trustStoretype=JKS
useCertAuth=true
ThevaluefortrustKeyfilemustcorrespondtothatof<truststore
filename>.
YoumustrestarttheViewConnectionServerserviceforthesechangestotakeeffect.
N
OTEYoumaybeaskedtocreateapasswordforthekeystore—thisisnotrequiredfor
futureprocedures,butyoushouldrememberitifyouwanttoaddadditional
certificatestothetruststoreatalaterdate.
NOTEInenvironmentswherenotalluserswillauthenticateusingasmartcarditis
alsorecommendedthatyouconfigureanew(oranadditional)securityserver
specificallyforthepurposeofclientsmartcardauthentication.
N
OTEOnceastandardorreplicaViewConnectionServerhasbeenconfigured,you
willbepromptedtochooseacertificatewhenloggingintoViewPortalortoView
Administratoronthatserver.