Obtaining SSL Certificates for VMware Horizon View Servers View 5.2 View Composer 5.2 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
Obtaining SSL Certificates for VMware Horizon View Servers You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2013 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents Obtaining SSL Certificates for VMware Horizon View Servers 5 1 Obtaining SSL Certificates from a Certificate Authority 7 Determining If This Document Applies to You 7 Selecting the Correct Certificate Type 8 Generating a Certificate Signing Request and Obtaining a Certificate with Microsoft Certreq Convert a Certificate File to PKCS#12 Format 13 8 Index 15 VMware, Inc.
Obtaining SSL Certificates for VMware Horizon View Servers 4 VMware, Inc.
Obtaining SSL Certificates for VMware Horizon View Servers Obtaining SSL Certificates for VMware Horizon View Servers provides an example that shows you how to obtain signed SSL certificates from Certificate Authorities and ensure that the certificates are in a format that can be used by View servers.
Obtaining SSL Certificates for VMware Horizon View Servers 6 VMware, Inc.
Obtaining SSL Certificates from a Certificate Authority 1 VMware strongly recommends that you configure SSL certificates that are signed by a valid Certificate Authority (CA) for use by View Connection Server instances, security servers, and View Composer instances. Default SSL certificates are generated when you install View Connection Server, security server, or View Composer instances. Although you can use the default, self-signed certificates for testing purposes, replace them as soon as possible.
Obtaining SSL Certificates for VMware Horizon View Servers When you have a signed certificate in the proper format, you can import it into the Windows certificate store and configure a View server to use it. To learn more about these tasks, see "Configuring SSL Certificates for View Servers" in the VMware Horizon View Installation document. Selecting the Correct Certificate Type You can use various types of SSL certificates with View. Selecting the correct certificate type for your deployment is critical.
Chapter 1 Obtaining SSL Certificates from a Certificate Authority 1 Create a CSR Configuration File on page 9 The Microsoft certreq utility uses a configuration file to generate a CSR. You must create a configuration file before you can generate the request. Create the file and generate the CSR on the Windows Server computer that hosts the View server that will use the certificate.
Obtaining SSL Certificates for VMware Horizon View Servers RequestType = PKCS10 KeyUsage = 0xa0 [EnhancedKeyUsageExtension] OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication ;----------------------------------------------- If an extra CR/LF character is added to the Subject = line when you copy and paste the text, delete the CR/LF character. 2 Update the Subject attributes with appropriate values for your View server and deployment. For example: CN=dept.company.
Chapter 1 Obtaining SSL Certificates from a Certificate Authority 3 Generate the CSR file. For example: certreq -new request.inf certreq.txt 4 In a text editor, open the CSR file (such as certreq.txt) and copy the contents of the file, including the beginning and ending tags.
Obtaining SSL Certificates for VMware Horizon View Servers n Familiarize yourself with the procedure for adding a Certificate snap-in to the Microsoft Management Console (MMC). See "Add the Certificate Snap-in to MMC" in the chapter, "Configuring SSL Certificates for View Servers," in the VMware Horizon View Installation document. Procedure 1 On the Windows Server computer, add the Certificate snap-in to MMC.
Chapter 1 Obtaining SSL Certificates from a Certificate Authority What to do next Configure the imported certificate to be used by a View server. See “Set Up an Imported Certificate for a View Server,” on page 13. Set Up an Imported Certificate for a View Server After you import a server certificate into the Windows local computer certificate store, you must take additional steps to allow a View server to use the certificate. Procedure 1 Verify that the server certificate was imported successfully.
Obtaining SSL Certificates for VMware Horizon View Servers Procedure u Generate a PKCS#12 (PFX) keystore file from the certificate file and your private key. For example: openssl pkcs12 -export -out server.p12 -inkey server.key -in server.crt -certfile CACert.crt In this example, CACert.crt is the name of the root certificate that was returned by the certificate authority. You can also generate a keystore with a PFX extension. For example: -out server.
Index C certificate signing request configuration file 9 generating 8, 10 certificate signing requests, verifying in the certificate store 11 certificates importing into a Windows certificate store 12 obtaining 5 obtaining from a CA 7 preparing for the Windows certificate store 7 selecting certificate types 8 setting up an imported certificate 13 certreq generating a CSR 8 importing a certificate 12 O openssl utility, adding to the system path 14 P PEM format certificates, converting to PKCS#12 13 PFX ce
Obtaining SSL Certificates for VMware Horizon View Servers 16 VMware, Inc.
