Scenarios for Setting Up SSL Certificates
Table Of Contents
- Scenarios for Setting Up SSL Certificates for View
- Contents
- Scenarios for Setting Up SSL Connections to View
- Obtaining SSL Certificates from a Certificate Authority
- Off-loading SSL Connections to Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Download an SSL Certificate from the Intermediate Server
- Download a Private Key from the Intermediate Server
- Convert a Certificate File to PKCS#12 Format
- Import a Signed Server Certificate into a Windows Certificate Store
- Modify the Certificate Friendly Name
- Import the Root and Intermediate Certificates into the Windows Certificate Store
- Set View Server External URLs to Point Clients to SSL Off-loading Servers
- Allow HTTP Connections From Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Index
6 Rename the root CA and intermediate CA certificate files to root.cer and intermediate.cer.
Make sure that the files are located on the View server on which the certificate request was generated.
NOTE These certificates do not have to be in PKCS#12 (PFX) format when you use the certreq utility to
import the certificates into the Windows local computer certificate store. PKCS#12 (PFX) format is
required when you use the Certificate Import wizard to import certificates into the Windows certificate
store.
What to do next
Verify that the CSR file and its private key were stored in the Windows local computer certificate store.
Verify That the CSR and Its Private Key Are Stored in the Windows Certificate
Store
If you use the certreq utility to generate a CSR, the utility also generates an associated private key. The
utility stores the CSR and private key in the Windows local computer certificate store on the computer on
which you generated the CSR. You can confirm that the CSR and private key are properly stored by using
the Microsoft Management Console (MMC) Certificate snap-in.
The private key must later be joined with the signed certificate to enable the certificate to be properly
imported and used by a View server.
Prerequisites
n
Verify that you generated a CSR by using the certreq utility and requested a signed certificate from a
CA. See “Generate a CSR and Request a Signed Certificate from a CA,” on page 11.
n
Familiarize yourself with the procedure for adding a Certificate snap-in to the Microsoft Management
Console (MMC). See "Add the Certificate Snap-in to MMC" in the chapter, "Configuring SSL Certificates
for View Servers," in the View Installation document.
Procedure
1 On the Windows Server computer, add the Certificate snap-in to MMC.
2 In the MMC window on the Windows Server computer, expand the Certificates (Local Computer)
node and select the Certificate Enrollment Request folder.
3 Expand the Certificate Enrollment Request folder and select the Certificates folder.
4 Verify that the certificate entry is displayed in the Certificates folder.
The Issued To and Issued By fields must show the domain name that you entered in the subject:CN
field of the request.inf file that was used to generate the CSR.
5 Verify that the certificate contains a private key by taking one of the following steps:
n
Verify that a yellow key appears on the certificate icon.
n
Double-click the certificate and verify that the following statement appears in the Certificate
Information dialog box: You have a private key that corresponds to this certificate..
What to do next
Import the certificate into the Windows local computer certificate store.
Scenarios for Setting Up SSL Certificates for View
12 VMware, Inc.