6.4
Table Of Contents
- VMware vRealize Operations for Published Applications Installation and Administration
- Contents
- VMware vRealize Operations for Published Applications Installation and Administration
- Introducing vRealize Operations for Published Applications
- System Requirements for vRealize Operations for Published Applications
- Installing and Configuring vRealize Operations for Published Applications
- Install and Configure vRealize Operations for Published Applications
- Downloading the vRealize Operations for Published Applications Installation Files
- Install the vRealize Operations for Published Applications Solution
- Open the Ports Used by vRealize Operations for Published Applications
- Adding a vRealize Operations for Published Applications License Key
- Associate XD-XA Objects with Your vRealize Operations for Published Applications License Key
- Create an Instance of the vRealize Operations for Published Applications 6.4 Adapter
- Enabling Firewall Rules for XenDesktop Delivery Controllers and PVS Server
- Install the vRealize Operations for Published Applications Broker Agent
- Configure the vRealize Operations for Published Applications Broker Agent
- Configure Broker Agent to use Non-Admin User for Citrix Desktop Delivery Controller
- Install a vRealize Operations for Published Applications Desktop Agent
- Push the vRealize Operations for Published Applications Desktop Agent Pair Token Using a Group Policy
- Install and Configure vRealize Operations for Published Applications
- Enable PowerShell Remoting on the Server
- Enabling HTTP or HTTPS Protocols for PowerShell Remoting
- Monitoring Your Citrix XenDesktop and Citrix XenApp Environments
- Managing RMI Communication in vRealize Operations for Published Applications
- Changing the Default TLS Configuration in vRealize Operations for Published Applications
- Managing Authentication in vRealize Operations for Published Applications
- Certificate and Trust Store Files
- Replacing the Default Certificates
- Certificate Pairing
- SSL/TLS and Authentication-Related Log Messages
- Upgrade vRealize Operations for Published Applications
- Create a vRealize Operations Manager Support Bundle
- Download vRealize Operations for Published Applications Broker Agent Log Files
- Download vRealize Operations for Published Applications Desktop Agent Log Files
- View Collector and vRealize Operations for Published Applications Adapter Log Files
- Modify the Logging Level for vRealize Operations for Published Applications Adapter Log Files
- Index
Replace the Default Certificate for the Broker Agent
A self-signed certicate is generated when you rst install the broker agent. The broker agent uses this
certicate by default to authenticate to the vRealize Operations for Published Applications adapter. You can
replace the self-signed certicate with a certicate that is signed by a valid certicate authority.
Prerequisites
n
Verify that you can connect to the XD-XA Session host where the broker agent is installed.
n
Verify that the keytool utility is added to the system path on the data collector host where the broker
agent is installed.
n
Verify that you have the password for the certicate store. You can obtain this password from the
msgserver.properties le. See “Broker Agent Certicate and Trust Store Files,” on page 58.
n
Become familiar with the Java keytool utility. Documentation is available at hp://docs.oracle.com
Procedure
1 Log in to the vRealize Operations for Published Applications Server host where the broker agent is
installed.
2
Use the keytool utility with the -selfcert to generate a new self-signed certicate.
Because the default self-signed certicate is issued to VMware, you must generate a new self-signed
certicate before you request a signed certicate. The signed certicate must be issued to your
organization.
For example:
keytool –selfcert –alias v4pa-brokeragent –dname dn-of-org –keystore v4pa-brokeragent.jks
dn-of-org is the distinguished name of the organization to which the certicate is issued, for example,
"OU=Management Platform, O=VMware, Inc. , C=US".
By default, the certicate signature uses the SHA1withRSA algorithm. You can override this default by
specifying the name of the algorithm in the keytool utility.
3
Use the keytool utility with the -certreq option to generate the certicate signing request.
A certicate signing request is required to request a certicate from a certicate signing authority.
For example:
keytool –certreq –alias v4pa-brokeragent –file certificate-request-file -keystore v4pa-
brokeragent.jks
certicate-request-le is the name of the le that will contain the certicate signing request.
4 Upload the certicate signing request to a certicate authority and request a signed certicate.
If the certicate authority requests a password for the certicate private key, use the password
congured for the certicate store.
The certicate authority returns a signed certicate.
Chapter 12 Replacing the Default Certificates
VMware, Inc. 61