4.6

Table Of Contents
3 Import an Intermediate Certificate into a Keystore File on page 84
If your server certificate is signed by an intermediate CA rather than by a root CA, you must add the
intermediate certificate to the keystore before you add the server certificate.
4 Import a Signed Server Certificate into a Keystore File on page 85
If you obtained a signed server certificate from a CA, use keytool to import the certificate into your
keystore file.
Obtain a Signed Certificate from a CA for Use with a View Connection Server
Instance or Security Server
To obtain a signed certificate from a CA, you must use keytool to generate a keystore file and a certificate
signing request (CSR). For testing purposes, you can obtain a free temporary certificate based on an untrusted
root from GlobalSign, Thawte, or VeriSign.
Prerequisites
Determine the fully qualified domain name (FQDN) that client computers use to connect to the host.
Procedure
1 Open a command prompt and use keytool to create a keystore file and a CSR.
For example:
keytool -certreq -keyalg "RSA" -file certificate.csr -keystore keys.jks -storepass secret
If you are going to import an intermediate certificate into the keystore file, you must specify a Java keystore
file.
2 When keytool prompts you for your first and last name, type the fully qualified domain name (FQDN)
that client computers use to connect to the host.
Option Action
View Connection Server instance
Type the FQDN of the View Connection Server host if you have one View
Connection Server instance. Type the FQDN of the load balancer host if you
use load balancing.
Security server
Type the FQDN of the security server host.
IMPORTANT If you type your name, the certificate will be invalid.
keytool creates the keystore file and the CSR file in the current directory.
3 Send the CSR to the CA in accordance with the CA's enrollment process and request a certificate.
After conducting some checks on your company, the CA signs your request, encrypts it with a private key,
and sends you a validated certificate.
What to do next
If you need a certificate for a View Transfer Server instance, see “Obtain a Signed Certificate from a CA for
Use with a View Transfer Server Instance,” on page 84.
If your server certificate is signed by an intermediate CA, import the intermediate certificate into your keystore
file. See “Import an Intermediate Certificate into a Keystore File,” on page 84.
If you downloaded a server certificate, import it into your keystore file. See “Import a Signed Server Certificate
into a Keystore File,” on page 85.
Chapter 7 Configuring Certificate Authentication
VMware, Inc. 83