4.6

Table Of Contents
Convert a PKCS#12 Keystore to JKS Format
If you already have a PKCS#12 keystore file and a server certificate that is signed by an intermediate CA rather
than a root CA, you must convert the PKCS#12 keystore to JKS format before you can use it with View.
Procedure
1 If the PKCS#12 keystore does not already contain the intermediate certificate, create the JKS keystore and
add the intermediate certificate to the keystore.
To avoid seeing errors from keytool, you must add the intermediate certificate to the keystore before you
can add the server certificate.
a Save the intermediate certificate as intermediateCA.p7 in the directory that contains the keystore file.
b Import the intermediate certificate into the keystore file.
For example:
keytool -importcert -keystore keys.jks -storepass secret -trustcacerts -alias
intermediateCA -file intermediateCA.p7
2 Add the server certificate and private key from the PKCS#12 file to the JKS keystore.
For example:
keytool -importkeystore -destkeystore keys.jks -deststorepass secret -srckeystore keys.p12 -
srcstoretype PKCS12 -srcstorepass clydenw
The keytool utility creates the JKS keystore if it does not already exist.
What to do next
Configure your View Connection Server instance or security server to use the certificate. See “Configure a
View Connection Server Instance or Security Server to Use a New Certificate,” on page 85.
Creating a New SSL Certificate
You can use a self-signed certificate or a certificate signed by a CA to replace the default server SSL certificate
that is provided with View Connection Server.
A CA is a trusted third party that guarantees the identity of the certificate and its creator. When a certificate is
signed by a trusted CA, users no longer receive messages asking them to verify the certificate, and thin client
devices can connect without requiring additional configuration. If your clients need to determine the origin
and integrity of the data they receive, you should obtain a CA-signed certificate rather than use a self-signed
certificate.
1 Obtain a Signed Certificate from a CA for Use with a View Connection Server Instance or Security
Server on page 83
To obtain a signed certificate from a CA, you must use keytool to generate a keystore file and a certificate
signing request (CSR). For testing purposes, you can obtain a free temporary certificate based on an
untrusted root from GlobalSign, Thawte, or VeriSign.
2 Obtain a Signed Certificate from a CA for Use with a View Transfer Server Instance on page 84
To obtain a signed certificate from a CA, you must use openssl to generate a private key file and a
certificate signing request (CSR). For testing purposes, you can obtain a free temporary certificate based
on an untrusted root from GlobalSign, Thawte, or VeriSign.
VMware View Installation
82 VMware, Inc.