5.0
Table Of Contents
- VMware View Installation
- Contents
- VMware View Installation
- System Requirements for Server Components
- System Requirements for Client Components
- Supported Operating Systems for View Agent
- Supported Operating Systems for Windows-Based View Client and View Client with Local Mode
- Hardware Requirements for Local Mode Desktops
- Client Browser Requirements for View Portal
- Remote Display Protocol and Software Support
- Adobe Flash Requirements
- Smart Card Authentication Requirements
- Preparing Active Directory
- Configuring Domains and Trust Relationships
- Creating an OU for View Desktops
- Creating OUs and Groups for Kiosk Mode Client Accounts
- Creating Groups for View Users
- Creating a User Account for vCenter Server
- Create a User Account for View Composer
- Configure the Restricted Groups Policy
- Using View Group Policy Administrative Template Files
- Prepare Active Directory for Smart Card Authentication
- Installing View Composer
- Installing View Connection Server
- Installing the View Connection Server Software
- Installation Prerequisites for View Connection Server
- Install View Connection Server with a New Configuration
- Install a Replicated Instance of View Connection Server
- Configure a Security Server Pairing Password
- Install a Security Server
- Microsoft Windows Installer Command-Line Options
- Uninstalling View Products Silently by Using MSI Command-Line Options
- Configuring User Accounts for vCenter Server and View Composer
- Where to Use the vCenter Server User and Domain User for View Composer
- Configure a vCenter Server User for View Manager, View Composer, and Local Mode
- View Manager Privileges Required for the vCenter Server User
- View Composer Privileges Required for the vCenter Server User
- Local Mode Privileges Required for the vCenter Server User
- Configuring View Connection Server for the First Time
- Configuring View Client Connections
- Sizing Windows Server Settings to Support Your Deployment
- Installing the View Connection Server Software
- Installing View Transfer Server
- Configuring SSL Certificates for View Servers
- Configuring SSL Certificates for View Connection Server and Security Server
- Configuring SSL Certificates for View Transfer Server
- Prepare an Existing Certificate in PKCS#12 Format for Use with View Transfer Server
- Obtain a Signed Certificate from a CA for Use with a View Transfer Server Instance
- Generate a Self-Signed Certificate for View Transfer Server
- Configure a View Transfer Server Instance to Use a Certificate
- Configure SSL for View Transfer Server Communications
- Configuring Certificate Checking in View Client for Windows
- Appendix: Additional SSL Configuration Tasks
- Creating an Event Database
- Installing and Starting View Client
- Index
Convert a PKCS#12 File to JKS Format
If you already have a PKCS#12 keystore file and a server certificate that is signed by an intermediate CA rather
than a root CA, you must convert the PKCS#12 keystore to JKS format before you can use it with View.
Procedure
1 Create the JKS keystore and add the intermediate certificate and root certificate to the keystore.
To avoid seeing errors from keytool, you must add the intermediate certificate to the keystore before you
can add the server certificate.
a Save the intermediate certificate as intermediateCA.p7 in the directory that contains the keystore file.
b If your View Connection Server instance or security server does not trust the root certificate, save the
root certificate as rootCA.p7 in the keystore file directory and import the root certificate into the
keystore file.
For example:
keytool -importcert -keystore keys.jks -storepass secret -alias rootCA -file rootCA.p7
c Import the intermediate certificate into the keystore file.
For example:
keytool -importcert -keystore keys.jks -storepass secret -trustcacerts -alias
intermediateCA -file intermediateCA.p7
2 Add the server certificate and private key from the PKCS#12 file to the JKS keystore.
For example:
keytool -importkeystore -destkeystore keys.jks -deststorepass secret -srckeystore keys.p12 -
srcstoretype PKCS12 -srcstorepass clydenw
The keytool utility creates the JKS keystore if it does not already exist.
What to do next
Configure your View Connection Server instance or security server to use the certificate. See “Configure a
View Connection Server Instance or Security Server to Use a New Certificate,” on page 81.
Creating a New SSL Certificate
You can use a self-signed certificate or a certificate signed by a CA to replace the default SSL server certificate
that is provided with View Connection Server.
A CA is a trusted entity that guarantees the identity of the certificate and its creator. When a certificate is signed
by a trusted CA, users no longer receive messages asking them to verify the certificate, and thin client devices
can connect without requiring additional configuration. If your clients need to determine the origin and
integrity of the data they receive, you should obtain a CA-signed certificate rather than use a self-signed
certificate.
1 Obtain a Signed Certificate from a CA for Use with a View Connection Server Instance or Security
Server on page 79
To obtain a signed certificate from a CA, you must use keytool to generate a keystore file and a certificate
signing request (CSR) file. For testing purposes, you can obtain a free temporary certificate based on an
untrusted root from many CAs.
2 Import a Root Certificate into a Keystore File on page 80
If your View Connection Server instance or security server does not trust the root certificate for the server
certificate that you have obtained from a CA, use keytool to import the certificate into your keystore file
before you add the server certificate.
VMware View Installation
78 VMware, Inc.