5.0
Table Of Contents
- VMware View Installation
- Contents
- VMware View Installation
- System Requirements for Server Components
- System Requirements for Client Components
- Supported Operating Systems for View Agent
- Supported Operating Systems for Windows-Based View Client and View Client with Local Mode
- Hardware Requirements for Local Mode Desktops
- Client Browser Requirements for View Portal
- Remote Display Protocol and Software Support
- Adobe Flash Requirements
- Smart Card Authentication Requirements
- Preparing Active Directory
- Configuring Domains and Trust Relationships
- Creating an OU for View Desktops
- Creating OUs and Groups for Kiosk Mode Client Accounts
- Creating Groups for View Users
- Creating a User Account for vCenter Server
- Create a User Account for View Composer
- Configure the Restricted Groups Policy
- Using View Group Policy Administrative Template Files
- Prepare Active Directory for Smart Card Authentication
- Installing View Composer
- Installing View Connection Server
- Installing the View Connection Server Software
- Installation Prerequisites for View Connection Server
- Install View Connection Server with a New Configuration
- Install a Replicated Instance of View Connection Server
- Configure a Security Server Pairing Password
- Install a Security Server
- Microsoft Windows Installer Command-Line Options
- Uninstalling View Products Silently by Using MSI Command-Line Options
- Configuring User Accounts for vCenter Server and View Composer
- Where to Use the vCenter Server User and Domain User for View Composer
- Configure a vCenter Server User for View Manager, View Composer, and Local Mode
- View Manager Privileges Required for the vCenter Server User
- View Composer Privileges Required for the vCenter Server User
- Local Mode Privileges Required for the vCenter Server User
- Configuring View Connection Server for the First Time
- Configuring View Client Connections
- Sizing Windows Server Settings to Support Your Deployment
- Installing the View Connection Server Software
- Installing View Transfer Server
- Configuring SSL Certificates for View Servers
- Configuring SSL Certificates for View Connection Server and Security Server
- Configuring SSL Certificates for View Transfer Server
- Prepare an Existing Certificate in PKCS#12 Format for Use with View Transfer Server
- Obtain a Signed Certificate from a CA for Use with a View Transfer Server Instance
- Generate a Self-Signed Certificate for View Transfer Server
- Configure a View Transfer Server Instance to Use a Certificate
- Configure SSL for View Transfer Server Communications
- Configuring Certificate Checking in View Client for Windows
- Appendix: Additional SSL Configuration Tasks
- Creating an Event Database
- Installing and Starting View Client
- Index
3 Import an Intermediate Certificate into a Keystore File on page 80
If your server certificate is signed by an intermediate CA rather than by a root CA, you must add the
intermediate certificate to the keystore before you add the server certificate.
4 Import a Signed Server Certificate into a Keystore File on page 81
If you obtained a signed server certificate from a CA, use keytool to import the certificate into your
keystore file.
Obtain a Signed Certificate from a CA for Use with a View Connection Server
Instance or Security Server
To obtain a signed certificate from a CA, you must use keytool to generate a keystore file and a certificate
signing request (CSR) file. For testing purposes, you can obtain a free temporary certificate based on an
untrusted root from many CAs.
Prerequisites
Determine the fully qualified domain name (FQDN) that client computers use to connect to the host.
Procedure
1 Open a command prompt and use keytool to create a keystore file.
For example:
keytool -genkeypair -keyalg "RSA" -keysize 2048 -keystore keys.jks -storepass secret
If you are going to import an intermediate certificate into the keystore file, you must specify a Java keystore
file such as keys.jks.
2 When keytool prompts you for your first and last name, type the fully qualified domain name (FQDN)
that client computers use to connect to the host.
Option Action
View Connection Server instance
Type the FQDN of the View Connection Server host if you have one View
Connection Server instance. Type the FQDN of the load balancer host if you
use load balancing.
Security server
Type the FQDN of the security server host.
IMPORTANT If you type your name, the certificate will be invalid.
keytool creates the keystore file in the current directory.
3 Use keytool to create a CSR file with a name such as certificate.csr.
For example: keytool -certreq -file certificate.csr -keystore keys.jks -storepass secret
keytool creates the CSR file in the same directory as the keystore file.
4 Send the CSR file to the CA in accordance with the CA's enrollment process and request a certificate.
After conducting some checks on your company, the CA signs your request, encrypts it with a private key,
and sends you a validated certificate.
What to do next
If your View Connection Server instance or security server does not trust the root certificate for your server
certificate, import the root certificate into your keystore file before you import the server certificate. See “Import
a Root Certificate into a Keystore File,” on page 80.
If your server certificate is signed by an intermediate CA, import the intermediate certificate into your keystore
file. See “Import an Intermediate Certificate into a Keystore File,” on page 80.
Chapter 7 Configuring SSL Certificates for View Servers
VMware, Inc. 79