Skip to main content

How to install third party SSL Certificate for VMware Horizon View?


Today I would like to share how to install third party SSL certificate for VMware View.
To do this, you need to create CSR request.inf and save it on your Security Server.
You may copy, edit and save the details from following sample as your csr_request.inf file.

;----------------- request.inf -----------------
[Version]

Signature= $Windows NT$

[NewRequest]

Subject = "CN=vmview.test.com, OU=IT, O=ICT for Myanmar, L=Yangon, S=Yangon, C=Myanmar

; replace attributes in this line using example below
KeySpec = 1
KeyLength = 2048
; Can be 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
FriendlyName = vdm
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = Microsoft RSA SChannel Cryptographic Provider
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]

OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication

[RequestAttributes]

; SAN= dns=FQDN_you_require&dns=other_FQDN_you_require
 
;-----------------------------------------------


Open command prompt as administrator and run commands as below.
Open the inf file created previously.
Save the file with .req format on your server. For example under C:\Certificates\ssl_certificate.p7b




Open that .req file with notepand and copy the content and paste into the CA Webstie to request Certificate.
Once certificate from CA is ready, download and save it on your Security Server.
For example under C:\Certificates\ssl_certificate.p7b
Run below command to install downloaded certificate.


You still need to add Certificate into Windows Certificate Store to get trusted once Certificate installation is done.
Open MMC console from Run and add certificates add-ins for local computer.
Check your installed certificate under Personal>Certificates and right click on it and select Properties.
Click General Tab and change friendly name to vdm if you see other name.
You need to delete other certificates' friendly name if you have self-signed certificates.
After that, you will need to check your certificate is under Trusted root certification authorities list or not.
If not in the list, you need to import your certificate too.
Please see below sample for your reference.









You still need to change the configuration on your connection server after all above steps are done.
Otherwise, you only can go to your VM View URL and you cannot route to your desktop pool with correct domain name which created in SSL certificate.
To do that, please go to View Administrator Console which installed on Connection Server usually.
Go to View Configuration>Servers>Security Servers and change the External URL and Blast External URL with correct common name (domain url name) which registered with CA in your SSL certificate.


Once all done, you need to restart Security Server and Connection Server to take all changes effect.

Once both server restarted. You should get working VMware Horizon View with correct SSL Certificate.

I've tested these steps on Windows Server 2008 R2 and VMware Horizon View Version 5.3.

Have a good time.
(Be knowledgeable, pass it on then)

Comments

Popular posts from this blog

Link Aggregating with Synology NAS and Cisco Switch

I’d like to share how to setup Link Aggregating between Synology NAS and Cisco Switch. I’ve got one Synology NAS with 4 Network Ports and I’m going to use 2 of them. Both Network Port to be as one Logical Link, Fault Tolerance and Load Balancing. To do that, I need to configure Link Aggregating on Synology NAS and EtherChannel with LACP on Cisco Switch. Below is brief steps to do to meet with my requirements. - Get connected Synology NAS and Cisco Switch as shown in picture. - Bonding two Network Ports of Synology NAS and assign IP Address - Configure EtherChannel with LACP in Cisco Switch and add two physical ports as Member. OK. Let’s begin from Synology NAS. - Login to the Synology and go to Control Panel>Network>Create>Create Bond - Select IEEE 802.3ad to get Fault Tolerance and Load Balancing Featureyou’re your switch not support 802.3ad you can only select Fault Tolerance only feature). After that click “Next”. - Choose the network port f

Fortigate guide for Begineer - 6

I would like to explaine how to troubleshoot the Fortigate Unit configured by Transparent Mode in step by step this time. Let's assume, you have one Fortigate Unit that configured as Transparent Mode. But devices from Internal/Private Network unable to access Internet/Public Network through your Fortigate Unit. OK. Let's troubleshoot with following steps, 1) Check the physical network connections between the network and the FortiGate unit, and between the FortiGate unit and the Internet. 2) Check the router and ISP-supplied equipment to make sure it is operating correctly. 3) Verify that you can connect to the internal interface by connecting to the management IP address of the FortiGate unit from the Internal network. From the internal network, attempt to ping the management IP address. If you cannot connect to the internal interface, verify the IP configuration of the PC and make sure the cables are connected and all switches and other devices on the network are powered on a

Solving the "A general system error occured:Invalid fault" error in vSphere 4

Below error was come out when you try to migrate VM to other host for some reason. Below error was come out when you try to edit VM setting. Below error was come out when you power on the VM. How to solve those error? Here is how I resolve the error! Login to the Host that errored VM exist by using Terminal or Direct Console. Enter below command and press enter. services.sh restart Wait until all VMware Services are restarted. After that try to Power On/Edit Settings or Migrate the errored VM and you will see all you can do without any error pop-up. This kind of errors can occur if you shutdown/restart VM unproperly or shutdown/restart the Host unproperly that VM exist. You can check log file deeply if you willing to know precisely on this. May you all be happy. (Be knowledgeable, pass it on then)