VMWare View Security Server SSL Certificate Install

How to install a SSL certificate for VMWare View Security Server

Certificate Installation – Generate and Install

Log on to system via RDP.

Start a command prompt.

Execute: –

psexec -i -s -d cmd.exe  ; this starts a cmd prompt as a system account

or security server, change the directory to C:\Program Files\VMware\VMware View\Server\jre\bin

Execute: –

keytool -genkey -keyalg "RSA" -keysize 2048 -keystore keys.p12 -storetype pkcs12
-validity 360

Note: The keys.p12 file is created in the current directory.

Run the following command to create a certificate signing request (CSR): –

keytool -certreq -keyalg "RSA" -file certificate.csr -keystore keys.p12
-storetype pkcs12 -storepass <secret>
; <secret> is your chosen keystore password

Send the CSR file (certificate.csr) to a certificate authority and request a certificate in PKCS7 format.

You will receive four .crt files.  We must combine them: –

openssl rsa -in 9963073.crt -check
openssl x509 -in 9963073.crt -text -noout
openssl crl2pkcs7 -nocrl -certfile
9963073.crt -out bob.p7b -certfile TERENASSLCA.crt -certfile
TERENASSLCA.crt -certfile AddTrustExternalCARoot.crt

Here we have: –

9963073.crt  			; certificate file received from CA
bob.p7b 			; temporary output file
TERENASSLCA.crt			; received from CA
AddTrustExternalCARoot.crt	; received from CA

Copy the contents of the file into a text editor and save it as certificate.p7.  It will look like: –

—–BEGIN PKCS7—–
MIIF+AYJKoZIhvcNAQcCoIIF6TCCBeUCAQExADALBgkqhkiG9w0BBwGgggXNMIID
LDCCApWgAwIBAgIQTpY7DsV1n1HeMGgMjMR2PzANBgkqhkiG9w0BAQUFADCBhzEL
i7coVx71/lCBOlFmx66NyKlZK5mObgvd2dlnsAP+nnStyhVHFIpKy3nsDO4JqrIg
EhCsdpikSpbtdo18jUubV6z1kQ71CrRQtbi/WtdqxQEEtgZCJO2lPoIWMQA=
—–END PKCS7—–

Run the following command to import certificates issued by CA: –

keytool -import -keystore keys.p12 -storetype pkcs12 -storepass <secret> 
-keyalg "RSA" 
-trustcacerts 
-file certificate.p7
; <secret> is your password and we've copied 'bob.p7b' to 'certificate.p7'

To configure the View Connection Server to use the new certificate, place the new certificate and copy the keys.p12 file (the keystore file) in C:\Program Files\VMware\View Manager\Server\sslgateway\conf.

Modify or create the following file: –

C:\ProgramFiles\VMware\View Manager\Server\sslgateway\conf\locked.properties

Add the following properties:

keyfile=keys.p12
keypass=<secret>

Restart the View Connection Server service.  (it is recommended to restart the machine)

The certificate will now be installed.