Skip to main content

How to install third party SSL Certificate for VMware Horizon View?

By

Today I would like to share how to install third party SSL certificate for VMware View.
To do this, you need to create CSR request.inf and save it on your Security Server.
You may copy, edit and save the details from following sample as your csr_request.inf file.

;----------------- request.inf -----------------
[Version]

Signature= $Windows NT$

[NewRequest]

Subject = "CN=vmview.test.com, OU=IT, O=ICT for Myanmar, L=Yangon, S=Yangon, C=Myanmar
; replace attributes in this line using example below
KeySpec = 1
KeyLength = 2048
; Can be 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
FriendlyName = vdm
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = Microsoft RSA SChannel Cryptographic Provider
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]

OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication

[RequestAttributes]

; SAN= dns=FQDN_you_require&dns=other_FQDN_you_require 
;-----------------------------------------------

 Open command prompt as administrator and run commands as below.
Open the inf file created previously.
Save the file with .req format on your server. For example under C:\Certificates\ssl_certificate.p7b




Open that .req file with notepand and copy the content and paste into the CA Webstie to request Certificate.
Once certificate from CA is ready, download and save it on your Security Server.
For example under C:\Certificates\ssl_certificate.p7b
Run below command to install downloaded certificate.


You still need to add Certificate into Windows Certificate Store to get trusted once Certificate installation is done.
Open MMC console from Run and add certificates add-ins for local computer.
Check your installed certificate under Personal>Certificates and right click on it and select Properties.
Click General Tab and change friendly name to vdm if you see other name.
You need to delete other certificates' friendly name if you have self-signed certificates.
After that, you will need to check your certificate is under Trusted root certification authorities list or not.
If not in the list, you need to import your certificate too.
Please see below sample for your reference.









You still need to change the configuration on your connection server after all above steps are done.
Otherwise, you only can go to your VM View URL and you cannot route to your desktop pool with correct domain name which created in SSL certificate.
To do that, please go to View Administrator Console which installed on Connection Server usually.
Go to View Configuration>Servers>Security Servers and change the External URL and Blast External URL with correct common name (domain url name) which registered with CA in your SSL certificate.


Once all done, you need to restart Security Server and Connection Server to take all changes effect.

Once both server restarted. You should get working VMware Horizon View with correct SSL Certificate.

I've tested these steps on Windows Server 2008 R2 and VMware Horizon View Version 5.3.

Have a good time.
(Be knowledgeable, pass it on then)

Labels:

Comments

Post a Comment

Popular posts from this blog

Fortigate guide for Begineer - 6

By
I would like to explaine how to troubleshoot the Fortigate Unit configured by Transparent Mode in step by step this time. Let's assume, you have one Fortigate Unit that configured as Transparent Mode. But devices from Internal/Private Network unable to access Internet/Public Network through your Fortigate Unit. OK. Let's troubleshoot with following steps, 1) Check the physical network connections between the network and the FortiGate unit, and between the FortiGate unit and the Internet. 2) Check the router and ISP-supplied equipment to make sure it is operating correctly. 3) Verify that you can connect to the internal interface by connecting to the management IP address of the FortiGate unit from the Internal network. From the internal network, attempt to ping the management IP address. If you cannot connect to the internal interface, verify the IP configuration of the PC and make sure the cables are connected and all switches and other devices on the network are powered on a...
Post a Comment
Read more

Why do we need network virtualization?

By
We need to think about Server Virtualization first if we want to talk about Network Virtualization. In the era of cloud computing, servers are virtualized and used in Data Centers. We are facing a lot of problem when we virtualized our Servers, 1) Routing and Switching Problem Routing become the issue when we create Virtual Switch and VLANs according to production requirement. Network Team might need some time to change on their end to meet with Server Virtualization Team changes on their end. ၂) Firewall Services Physical Firewall are difficult to manage due to the large number of rules needed to satisfy business requirements. New applications, new projects, and new networks all come with potential security requirements, which impact centralized firewall management. ၃) Load Balancing Let's say your company deploys a new physical load balancer for each tenant, resulting in increased capital expenditures. Once a tenant reaches their maximum capacity, it ca...
144 comments
Read more

Solving "WSUS administration console was unable to connect to the WSUS Server via the remote API" error

By
Today, I've got below when I try to connect my WSUS Server via WSUS Console. Below logs are display in Event Logs too. The WSUS administration console was unable to connect to the WSUS Server via the remote API.  Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service. The WSUS administration console was unable to connect to the WSUS Server via the remote API. Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service. System.Net.Sockets.SocketException -- No connection could be made because the target machine actively refused it 172.16.99.98:80 Source System Stack Trace:    at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)    at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Soc...
7 comments
Read more