6.3
Table Of Contents
- VMware vRealize Operations for Published Applications Installation and Administration
- Contents
- VMware vRealize Operations for Published Applications Installation and Administration
- Introducing vRealize Operations for Published Applications
- System Requirements for vRealize Operations for Published Applications
- Installing and Configuring vRealize Operations for Published Applications
- Install and Configure vRealize Operations for Published Applications
- Downloading the vRealize Operations for Published Applications Installation Files
- Install the vRealize Operations for Published Applications Solution
- Open the Ports Used by vRealize Operations for Published Applications
- Adding a vRealize Operations for Published Applications License Key
- Associate XD-XA Objects with Your vRealize Operations for Published Applications License Key
- Create an Instance of the vRealize Operations for Published Applications 6.3 Adapter
- Enabling Firewall Rules for XenDesktop Delivery Controllers and PVS Server
- Install the vRealize Operations for Published Applications Broker Agent
- Configure the vRealize Operations for Published Applications Broker Agent
- Configure Broker Agent to use Non-Admin User for Citrix Desktop Delivery Controller
- Install a vRealize Operations for Published Applications Desktop Agent
- Push the vRealize Operations for Published Applications Desktop Agent Pair Token Using a Group Policy
- Install and Configure vRealize Operations for Published Applications
- Enable PowerShell Remoting on the Server
- Enable HTTP Protocol for PowerShell Remoting
- Enable HTTPS Protocol for PowerShell Remoting
- Configure Firewall
- Update the etc/host file for DNS Resolution
- Install the Certificate on the Client
- Test Connection from Client Machine
- Flow of Commands for SSL cert Using makecert
- Monitoring Your Citrix XenDesktop and Citrix XenApp Environments
- Managing RMI Communication in vRealize Operations for Published Applications
- Changing the Default TLS Configuration in vRealize Operations for Published Applications
- Managing Authentication in vRealize Operations for Published Applications
- Certificate and Trust Store Files
- Replacing the Default Certificates
- Certificate Pairing
- SSL/TLS and Authentication-Related Log Messages
- Upgrade vRealize Operations for Published Applications
- Create a vRealize Operations Manager Support Bundle
- Download vRealize Operations for Published Applications Broker Agent Log Files
- Download vRealize Operations for Published Applications Desktop Agent Log Files
- View Collector and vRealize Operations for Published Applications Adapter Log Files
- Modify the Logging Level for vRealize Operations for Published Applications Adapter Log Files
- Index
Enable HTTPS Protocol for
PowerShell Remoting 7
If you plan to use HTTP, you can skip this section. However, it is recommend to implement HTTPS for
encrypting the traffic between the client and remote server.
This chapter includes the following topics:
n
“Acquire SSL Certificate,” on page 33
n
“Create Self-Signed SSL Certificate Using the IIS Manager,” on page 34
n
“Create Self-Signed SSL Certificate Using Makecert.exe,” on page 34
n
“Create Self-Signed SSL Certificate Using OpenSSL,” on page 34
n
“Import SSL Certificate on Remote Machine,” on page 35
n
“Configure Configure WinRM HTTPS Listener,” on page 35
Acquire SSL Certificate
To set up PowerShell remoting to use HTTPS protocol, deploy an SSL certificate to the remote server.
To acquire an SSL certificate, first generate a self-signed certificate. There are two purposes for using SSL
certificates with PowerShell remoting:
n
Encrypting traffic between client and server
n
Verifying server identity (CN check)
The following are the methods to generate a self-signed SSL certificate:
“Create Self-Signed SSL Certificate Using the IIS Manager,” on page 34
“Create Self-Signed SSL Certificate Using Makecert.exe,” on page 34
“Create Self-Signed SSL Certificate Using OpenSSL,” on page 34
In all these methods, replace HOSTNAME with either the remote server host name or the IP address to be
used to connect to that server. For example, srv1.mycompany.com or 32.53.2.87.
Ensure that your setup meets the following requirements when generating SSL certificate to use with
PowerShell remoting:
n
Set the Certificate Enhanced Key Usage (EKU) "Server Authentication" (OID=1.3.6.1.5.5.7.3.1).
n
Set the Certificate Subject to "CN=HOSTNAME".
In all these methods, an SSL certificate in PKCS12 format (PFX file) without a password is generated.
VMware, Inc.
33