6.3
Table Of Contents
- VMware vRealize Operations for Published Applications Installation and Administration
- Contents
- VMware vRealize Operations for Published Applications Installation and Administration
- Introducing vRealize Operations for Published Applications
- System Requirements for vRealize Operations for Published Applications
- Installing and Configuring vRealize Operations for Published Applications
- Install and Configure vRealize Operations for Published Applications
- Downloading the vRealize Operations for Published Applications Installation Files
- Install the vRealize Operations for Published Applications Solution
- Open the Ports Used by vRealize Operations for Published Applications
- Adding a vRealize Operations for Published Applications License Key
- Associate XD-XA Objects with Your vRealize Operations for Published Applications License Key
- Create an Instance of the vRealize Operations for Published Applications 6.3 Adapter
- Enabling Firewall Rules for XenDesktop Delivery Controllers and PVS Server
- Install the vRealize Operations for Published Applications Broker Agent
- Configure the vRealize Operations for Published Applications Broker Agent
- Configure Broker Agent to use Non-Admin User for Citrix Desktop Delivery Controller
- Install a vRealize Operations for Published Applications Desktop Agent
- Push the vRealize Operations for Published Applications Desktop Agent Pair Token Using a Group Policy
- Install and Configure vRealize Operations for Published Applications
- Enable PowerShell Remoting on the Server
- Enable HTTP Protocol for PowerShell Remoting
- Enable HTTPS Protocol for PowerShell Remoting
- Configure Firewall
- Update the etc/host file for DNS Resolution
- Install the Certificate on the Client
- Test Connection from Client Machine
- Flow of Commands for SSL cert Using makecert
- Monitoring Your Citrix XenDesktop and Citrix XenApp Environments
- Managing RMI Communication in vRealize Operations for Published Applications
- Changing the Default TLS Configuration in vRealize Operations for Published Applications
- Managing Authentication in vRealize Operations for Published Applications
- Certificate and Trust Store Files
- Replacing the Default Certificates
- Certificate Pairing
- SSL/TLS and Authentication-Related Log Messages
- Upgrade vRealize Operations for Published Applications
- Create a vRealize Operations Manager Support Bundle
- Download vRealize Operations for Published Applications Broker Agent Log Files
- Download vRealize Operations for Published Applications Desktop Agent Log Files
- View Collector and vRealize Operations for Published Applications Adapter Log Files
- Modify the Logging Level for vRealize Operations for Published Applications Adapter Log Files
- Index
Replace the Default Certificate for the Broker Agent
A self-signed certificate is generated when you first install the broker agent. The broker agent uses this
certificate by default to authenticate to the vRealize Operations for Published Applications adapter. You can
replace the self-signed certificate with a certificate that is signed by a valid certificate authority.
Prerequisites
n
Verify that you can connect to the XD-XA Session host where the broker agent is installed.
n
Verify that the keytool utility is added to the system path on the data collector host where the broker
agent is installed.
n
Verify that you have the password for the certificate store. You can obtain this password from the
msgserver.properties file. See “Broker Agent Certificate and Trust Store Files,” on page 68.
n
Become familiar with the Java keytool utility. Documentation is available at http://docs.oracle.com
Procedure
1 Log in to the vRealize Operations for Published Applications Server host where the broker agent is
installed.
2
Use the keytool utility with the -selfcert to generate a new self-signed certificate.
Because the default self-signed certificate is issued to VMware, you must generate a new self-signed
certificate before you request a signed certificate. The signed certificate must be issued to your
organization.
For example:
keytool –selfcert –alias v4pa-brokeragent –dname dn-of-org –keystore v4pa-brokeragent.jks
dn-of-org is the distinguished name of the organization to which the certificate is issued, for example,
"OU=Management Platform, O=VMware, Inc. , C=US".
By default, the certificate signature uses the SHA1withRSA algorithm. You can override this default by
specifying the name of the algorithm in the keytool utility.
3
Use the keytool utility with the -certreq option to generate the certificate signing request.
A certificate signing request is required to request a certificate from a certificate signing authority.
For example:
keytool –certreq –alias v4pa-brokeragent –file certificate-request-file -keystore v4pa-
brokeragent.jks
certificate-request-file is the name of the file that will contain the certificate signing request.
4 Upload the certificate signing request to a certificate authority and request a signed certificate.
If the certificate authority requests a password for the certificate private key, use the password
configured for the certificate store.
The certificate authority returns a signed certificate.
Chapter 18 Replacing the Default Certificates
VMware, Inc. 71