Enterprise Cloud Computing and Bigdata
Cloud,Bigdata,Datamining,Cassandra,Hadoop, App-V, XenApp, Virtualization Discussions from I.T Professionals
VMWare View Security Server SSL Certificate Install
January 11, 2011
Posted by on How to install a SSL certificate for VMWare View Security Server
Certificate Installation – Generate and Install
Log on to system via RDP.
Start a command prompt.
Execute: –
psexec -i -s -d cmd.exe ; this starts a cmd prompt as a system account
or security server, change the directory to C:\Program Files\VMware\VMware View\Server\jre\bin
Execute: –
keytool -genkey -keyalg "RSA" -keysize 2048 -keystore keys.p12 -storetype pkcs12 -validity 360
Note: The keys.p12 file is created in the current directory.
Run the following command to create a certificate signing request (CSR): –
keytool -certreq -keyalg "RSA" -file certificate.csr -keystore keys.p12 -storetype pkcs12 -storepass <secret> ; <secret> is your chosen keystore password
Send the CSR file (certificate.csr) to a certificate authority and request a certificate in PKCS7 format.
You will receive four .crt files. We must combine them: –
openssl rsa -in 9963073.crt -check openssl x509 -in 9963073.crt -text -noout openssl crl2pkcs7 -nocrl -certfile 9963073.crt -out bob.p7b -certfile TERENASSLCA.crt -certfile TERENASSLCA.crt -certfile AddTrustExternalCARoot.crt
Here we have: –
9963073.crt ; certificate file received from CA bob.p7b ; temporary output file TERENASSLCA.crt ; received from CA AddTrustExternalCARoot.crt ; received from CA
Copy the contents of the file into a text editor and save it as certificate.p7. It will look like: –
—–BEGIN PKCS7—–
MIIF+AYJKoZIhvcNAQcCoIIF6TCCBeUCAQExADALBgkqhkiG9w0BBwGgggXNMIID
LDCCApWgAwIBAgIQTpY7DsV1n1HeMGgMjMR2PzANBgkqhkiG9w0BAQUFADCBhzEL
i7coVx71/lCBOlFmx66NyKlZK5mObgvd2dlnsAP+nnStyhVHFIpKy3nsDO4JqrIg
EhCsdpikSpbtdo18jUubV6z1kQ71CrRQtbi/WtdqxQEEtgZCJO2lPoIWMQA=
—–END PKCS7—–
Run the following command to import certificates issued by CA: –
keytool -import -keystore keys.p12 -storetype pkcs12 -storepass <secret> -keyalg "RSA" -trustcacerts -file certificate.p7 ; <secret> is your password and we've copied 'bob.p7b' to 'certificate.p7'
To configure the View Connection Server to use the new certificate, place the new certificate and copy the keys.p12 file (the keystore file) in C:\Program Files\VMware\View Manager\Server\sslgateway\conf.
Modify or create the following file: –
C:\ProgramFiles\VMware\View Manager\Server\sslgateway\conf\locked.properties
Add the following properties:
keyfile=keys.p12 keypass=<secret>
Restart the View Connection Server service. (it is recommended to restart the machine)
The certificate will now be installed.