Obtaining SSL Certificates for VMware View Servers View 5.1 View Composer 3.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
Obtaining SSL Certificates for VMware View Servers You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents Obtaining SSL Certificates for VMware View Servers 5 1 Obtaining SSL Certificates from a Certificate Authority 7 Determining If This Document Applies to You 7 Selecting the Correct Certificate Type 8 Generating a Certificate Signing Request and Obtaining a Certificate with Microsoft Certreq Convert a Certificate File to PKCS#12 Format 12 8 Index 15 VMware, Inc.
Obtaining SSL Certificates for VMware View Servers 4 VMware, Inc.
Obtaining SSL Certificates for VMware View Servers Obtaining SSL Certificates for VMware View Servers provides an example that shows you how to obtain signed SSL certificates from Certificate Authorities and ensure that the certificates are in a format that can be used by View servers.
Obtaining SSL Certificates for VMware View Servers 6 VMware, Inc.
Obtaining SSL Certificates from a Certificate Authority 1 VMware strongly recommends that you configure SSL certificates that are signed by a valid Certificate Authority (CA) for use by View Connection Server instances, security servers, and View Composer instances. Default SSL certificates are generated when you install View Connection Server, security server, or View Composer instances. Although you can use the default, self-signed certificates for testing purposes, replace them as soon as possible.
Obtaining SSL Certificates for VMware View Servers When you have a signed certificate in the proper format, you can import it into the Windows certificate store and configure a View server to use it. To learn more about these tasks, see "Configuring SSL Certificates for View Servers" in the VMware View Installation document. Selecting the Correct Certificate Type You can use various types of SSL certificates with View. Selecting the correct certificate type for your deployment is critical.
Chapter 1 Obtaining SSL Certificates from a Certificate Authority 2 Generate a CSR and Request a Signed Certificate from a CA on page 10 Using the completed configuration file, you can generate a CSR by running the certreq utility. You send the request to a third-party CA, which returns a signed certificate.
Obtaining SSL Certificates for VMware View Servers 2 Update the Subject attributes with appropriate values for your View server and deployment. For example: CN=dept.company.com NOTE Some CAs do not allow you to use abbreviations for the state attribute. 3 (Optional) Update the Keylength attribute. The default value, 2048, is adequate unless you specifically need a different KeyLength size. Many CAs require a minimum value of 2048.
Chapter 1 Obtaining SSL Certificates from a Certificate Authority 5 Use the contents of the CSR file to submit a certificate request to the CA in accordance with the CA's enrollment process. After conducting some checks on your company, the CA signs your request, encrypts it with a private key, and sends you a validated certificate. The CA also sends you a root CA certificate and, if applicable, an intermediate CA certificate. 6 Save the certificate text to a new file named cert.
Obtaining SSL Certificates for VMware View Servers Set Up an Imported Certificate for a View Server After you import a server certificate into the Windows local computer certificate store, you must take additional steps to allow a View server to use the certificate. Procedure 1 Confirm that the server certificate was imported successfully. 2 Change the certificate Friendly name to vdm. 3 Install the root CA certificate and intermediate CA certificate in the Windows certificate store.
Chapter 1 Obtaining SSL Certificates from a Certificate Authority Procedure u Generate a PKCS#12 (PFX) keystore file from the certificate file and your private key. For example: openssl pkcs12 -export -out server.p12 -inkey server.key -in server.crt -certfile CACert.crt In this example, CACert.crt is the name of the root certificate that was returned by the certificate authority. You can also generate a keystore with a PFX extension. For example: -out server.
Obtaining SSL Certificates for VMware View Servers 14 VMware, Inc.
Index C certificate signing request configuration file 9 generating 8, 10 certificates importing into a Windows certificate store 11 obtaining 5 obtaining from a CA 7 preparing for the Windows certificate store 7 selecting certificate types 8 setting up an imported certificate 12 certreq generating a CSR 8 importing a certificate 11 O openssl utility, adding to the system path 13 P PEM format certificates, converting to PKCS#12 12 PFX certificate formats, converting to 12 PKCS#12 format certificates, con
Obtaining SSL Certificates for VMware View Servers 16 VMware, Inc.
