Scenarios for Setting Up SSL Certificates
Table Of Contents
- Scenarios for Setting Up SSL Certificates for View
- Contents
- Scenarios for Setting Up SSL Connections to View
- Obtaining SSL Certificates from a Certificate Authority
- Off-loading SSL Connections to Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Download an SSL Certificate from the Intermediate Server
- Download a Private Key from the Intermediate Server
- Convert a Certificate File to PKCS#12 Format
- Import a Signed Server Certificate into a Windows Certificate Store
- Modify the Certificate Friendly Name
- Import the Root and Intermediate Certificates into the Windows Certificate Store
- Set View Server External URLs to Point Clients to SSL Off-loading Servers
- Allow HTTP Connections From Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Index
Off-loading SSL Connections to
Intermediate Servers 2
You can set up intermediate servers between your View servers and Horizon Client devices to perform tasks
such as load balancing and off-loading SSL connections. Horizon Client devices connect over HTTPS to the
intermediate servers, which pass on the connections to the external-facing View Connection Server instances
or security servers.
To off-load SSL connections to an intermediate server, you must complete a few key tasks:
n
Import the SSL certificate that is used by the intermediate server to your external-facing View servers
n
Set the External URLs on your external-facing View servers to match the URL that clients can use to
connect to the intermediate server
n
Allow HTTP connections between the intermediate server and the View servers
This chapter includes the following topics:
n
“Import SSL Off-loading Servers' Certificates to View Servers,” on page 15
n
“Set View Server External URLs to Point Clients to SSL Off-loading Servers,” on page 21
n
“Allow HTTP Connections From Intermediate Servers,” on page 22
Import SSL Off-loading Servers' Certificates to View Servers
If you off-load SSL connections to an intermediate server, you must import the intermediate server's
certificate onto the View Connection Server instances or security servers that connect to the intermediate
server. The same SSL server certificate must reside on both the off-loading intermediate server and each off-
loaded View server that connects to the intermediate server.
If you deploy security servers, the intermediate server and the security servers that connect to it must have
the same SSL certificate. You do not have to install the same SSL certificate on View Connection Server
instances that are paired to the security servers and do not connect directly to the intermediate server.
If you do not deploy security servers, or if you have a mixed network environment with some security
servers and some external-facing View Connection Server instances, the intermediate server and any View
Connection Server instances that connect to it must have the same SSL certificate.
If the intermediate server's certificate is not installed on the View Connection Server instance or security
server, clients cannot validate their connections to View. In this situation, the certificate thumbprint sent by
the View server does not match the certificate on the intermediate server to which Horizon Client connects.
VMware, Inc.
15