Scenarios for Setting Up SSL Certificates
Table Of Contents
- Scenarios for Setting Up SSL Certificates for View
- Contents
- Scenarios for Setting Up SSL Connections to View
- Obtaining SSL Certificates from a Certificate Authority
- Off-loading SSL Connections to Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Download an SSL Certificate from the Intermediate Server
- Download a Private Key from the Intermediate Server
- Convert a Certificate File to PKCS#12 Format
- Import a Signed Server Certificate into a Windows Certificate Store
- Modify the Certificate Friendly Name
- Import the Root and Intermediate Certificates into the Windows Certificate Store
- Set View Server External URLs to Point Clients to SSL Off-loading Servers
- Allow HTTP Connections From Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Index
Import a Signed Certificate by Using Certreq
When you have a signed certificate from a CA, you can import the certificate into the Windows local
computer certificate store on the View server host.
If you used the certreq utility to generate a CSR, the certificate private key is local to the server on which
you generated the CSR. To work correctly, the certificate must be combined with the private key. Use the
certreq command shown in this procedure to ensure that the certificate and private key are properly
combined and imported into the Windows certificate store.
If you use another method to obtain a signed certificate from a CA, you can use the Certificate Import
wizard in the Microsoft Management Console (MMC) Snap-in to import a certificate into the Windows
certificate store. This method is described in "Configuring SSL Certificates for View Servers" in the View
Installation document.
Prerequisites
n
Verify that you received a signed certificate from a CA. See “Generate a CSR and Request a Signed
Certificate from a CA,” on page 11.
n
Perform the certreq operation described in this procedure on the computer on which you generated a
CSR and stored the signed certificate.
Procedure
1 Open a command prompt by right-clicking on Command Prompt in the Start menu and selecting Run
as administrator.
2 Navigate to the directory where you saved the signed certificate file such as cert.cer.
For example: cd c:\certificates
3 Import the signed certificate by running the certreq -accept command.
For example: certreq -accept cert.cer
The certificate is imported into the Windows local computer certificate store.
What to do next
Configure the imported certificate to be used by a View server. See “Set Up an Imported Certificate for a
View Server,” on page 13.
Set Up an Imported Certificate for a View Server
After you import a server certificate into the Windows local computer certificate store, you must take
additional steps to allow a View server to use the certificate.
Procedure
1 Verify that the server certificate was imported successfully.
2 Change the certificate Friendly name to vdm.
vdm must be lower case. Any other certificates with the Friendly name vdm must be renamed, or you
must remove the Friendly name from those certificates.
You do not have to modify the Friendly name of certificates that are used by View Composer.
3 Install the root CA certificate and intermediate CA certificate in the Windows certificate store.
4 Restart the View Connection Server service, security server service, or View Composer service to allow
the service to start using the new certificates.
Chapter 1 Obtaining SSL Certificates from a Certificate Authority
VMware, Inc. 13