4.5

Table Of Contents
Procedure
1 Create
or edit the locked.properties file in the SSL gateway configuration folder on the View Connection
Server or security server host.
For example:
install_directory
\VMware\VMware View\Server\sslgateway\conf\locked.properties
2 Add the enableRevocationChecking and crlLocation properties to the locked.properties file.
a Set enableRevocationChecking to true to enable smart card certificate revocation checking.
b Set crlLocation to the location of the CRL. The value can be a URL or a file path.
3 Restart the View Connection Server service or security server service to make your changes take effect.
Example 7-2. locked.properties File
The file shown enables smart card authentication and smart card certificate revocation checking, configures
CRL checking, and specifies a URL for the CRL location.
trustKeyfile=lonqa.key
trustStoretype=JKS
useCertAuth=true
enableRevocationChecking=true
crlLocation=http://root.ocsp.net/certEnroll/ocsp-ROOT_CA.crl
Configure OSCP Certificate Revocation Checking
When you configure OCSP certificate revocation checking, View sends a verification request to an OCSP
Responder to determine the revocation status of a smart card user certificate.
Prerequisites
Familiarize
yourself with the locked.properties file properties for OCSP certificate revocation checking. See
“Smart Card Certificate Revocation Checking Properties,” on page 130.
Procedure
1 Create or edit the locked.properties file in the SSL gateway configuration folder on the View Connection
Server or security server host.
For example:
install_directory
\VMware\VMware View\Server\sslgateway\conf\locked.properties
2 Add the enableRevocationChecking, enableOCSP, ocspURL, and ocspSigningCert properties to the
locked.properties file.
a Set enableRevocationChecking to true to enable smart card certificate revocation checking.
b Set enableOCSP to true to enable OCSP certificate revocation checking.
c Set ocspURL to the URL of the OCSP Responder.
d Set ocspSigningCert to the location of the file that contains the OCSP Responder's signing certificate.
3 Restart the View Connection Server service or security server service to make your changes take effect.
Chapter 7 Setting Up User Authentication
VMware, Inc. 129