Scenarios for Setting Up SSL Certificates
Table Of Contents
- Scenarios for Setting Up SSL Certificates for View
- Contents
- Scenarios for Setting Up SSL Connections to View
- Obtaining SSL Certificates from a Certificate Authority
- Off-loading SSL Connections to Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Download an SSL Certificate from the Intermediate Server
- Download a Private Key from the Intermediate Server
- Convert a Certificate File to PKCS#12 Format
- Import a Signed Server Certificate into a Windows Certificate Store
- Modify the Certificate Friendly Name
- Import the Root and Intermediate Certificates into the Windows Certificate Store
- Set View Server External URLs to Point Clients to SSL Off-loading Servers
- Allow HTTP Connections From Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Index
For other types of certificate files, only the server certificate is imported into the Windows local computer
certificate store. In this case, you must take separate steps to import the root certificate and any intermediate
certificates in the certificate chain.
For more information about certificates, consult the Microsoft online help available with the Certificate
snap-in to MMC.
Prerequisites
Verify that the SSL server certificate is in PKCS@12 (PFX) format. See “Convert a Certificate File to PKCS#12
Format,” on page 18.
Procedure
1 In the MMC window on the Windows Server host, expand the Certificates (Local Computer) node and
select the Personal folder.
2 In the Actions pane, go to More Actions > All Tasks > Import.
3 In the Certificate Import wizard, click Next and browse to the location where the certificate is stored.
4 Select the certificate file and click Open.
To display your certificate file type, you can select its file format from the File name drop-down menu.
5 Type the password for the private key that is included in the certificate file.
6 Select Mark this key as exportable.
7 Select Include all extended properties.
8 Click Next and click Finish.
The new certificate appears in the Certificates (Local Computer) > Personal > Certificates folder.
9 Verify that the new certificate contains a private key.
a In the Certificates (Local Computer) > Personal > Certificates folder, double-click the new
certificate.
b In the General tab of the Certificate Information dialog box, verify that the following statement
appears: You have a private key that corresponds to this certificate.
What to do next
Modify the certificate Friendly name to vdm.
Modify the Certificate Friendly Name
To configure a View Connection Server instance or security server to recognize and use an SSL certificate,
you must modify the certificate Friendly name to vdm.
Prerequisites
Verify that the server certificate is imported into the Certificates (Local Computer) > Personal > Certificates
folder in the Windows Certificate Store. See “Import a Signed Server Certificate into a Windows Certificate
Store,” on page 18.
Procedure
1 In the MMC window on the Windows Server host, expand the Certificates (Local Computer) node and
select the Personal > Certificates folder.
2 Right-click the certificate that is issued to the View server host and click Properties.
3 On the General tab, delete the Friendly name text and type vdm.
Chapter 2 Off-loading SSL Connections to Intermediate Servers
VMware, Inc. 19