Scenarios for Setting Up SSL Certificates
Table Of Contents
- Scenarios for Setting Up SSL Certificates for View
- Contents
- Scenarios for Setting Up SSL Connections to View
- Obtaining SSL Certificates from a Certificate Authority
- Off-loading SSL Connections to Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Download an SSL Certificate from the Intermediate Server
- Download a Private Key from the Intermediate Server
- Convert a Certificate File to PKCS#12 Format
- Import a Signed Server Certificate into a Windows Certificate Store
- Modify the Certificate Friendly Name
- Import the Root and Intermediate Certificates into the Windows Certificate Store
- Set View Server External URLs to Point Clients to SSL Off-loading Servers
- Allow HTTP Connections From Intermediate Servers
- Import SSL Off-loading Servers' Certificates to View Servers
- Index
Set View Server External URLs to Point Clients to SSL Off-loading
Servers
If SSL is off-loaded to an intermediate server and Horizon Client devices use the secure tunnel to connect to
View, you must set the secure tunnel external URL to an address that clients can use to access the
intermediate server.
You configure the external URL settings on the View Connection Server instance or security server that
connects to the intermediate server.
If you deploy security servers, external URLs are required for the security servers but not for the View
Connection Server instances that are paired with the security servers.
If you do not deploy security servers, or if you have a mixed network environment with some security
servers and some external-facing View Connection Server instances, External URLs are required for any
View Connection Server instances that connect to the intermediate server.
NOTE You cannot off-load SSL connections from a PCoIP Secure Gateway (PSG) or Blast Secure Gateway.
The PCoIP external URL and Blast Secure Gateway external URL must allow clients to connect to the
computer that hosts the PSG and Blast Secure Gateway. Do not reset the PCoIP external URL and Blast
external URL to point to the intermediate server unless you plan to require SSL connections between the
intermediate server and the View server.
Set the External URLs for a View Connection Server Instance
You use View Administrator to configure the external URLs for a View Connection Server instance.
Prerequisites
n
Verify that the secure tunnel connections are enabled on the View Connection Server instance.
Procedure
1 In View Administrator, click View Configuration > Servers.
2 Select the Connection Servers tab, select a View Connection Server instance, and click Edit.
3 Type the secure tunnel external URL in the External URL text box.
The URL must contain the protocol, client-resolvable host name and port number.
For example: https://myserver.example.com:443
NOTE You can use the IP address if you have to access a View Connection Server instance when the
host name is not resolvable. However, the host that you contact will not match the SSL certificate that is
configured for the View Connection Server instance, resulting in blocked access or access with reduced
security.
4 Verify that all addresses in this dialog allow client systems to reach this View Connection Server
instance.
5 Click OK.
Chapter 2 Off-loading SSL Connections to Intermediate Servers
VMware, Inc. 21