How to install third party SSL Certificate for VMware Horizon View?

Today I would like to share how to install third party SSL certificate for VMware View.
To do this, you need to create CSR request.inf and save it on your Security Server.
You may copy, edit and save the details from following sample as your csr_request.inf file.

;----------------- request.inf -----------------

Signature= $Windows NT$


Subject = ", OU=IT, O=ICT for Myanmar, L=Yangon, S=Yangon, C=Myanmar

; replace attributes in this line using example below
KeySpec = 1
KeyLength = 2048
; Can be 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
FriendlyName = vdm
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = Microsoft RSA SChannel Cryptographic Provider
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0


OID= ; this is for Server Authentication


; SAN= dns=FQDN_you_require&dns=other_FQDN_you_require

Open command prompt as administrator and run commands as below.
Open the inf file created previously.
Save the file with .req format on your server. For example under C:\Certificates\ssl_certificate.p7b

Open that .req file with notepand and copy the content and paste into the CA Webstie to request Certificate.
Once certificate from CA is ready, download and save it on your Security Server.
For example under C:\Certificates\ssl_certificate.p7b
Run below command to install downloaded certificate.

You still need to add Certificate into Windows Certificate Store to get trusted once Certificate installation is done.
Open MMC console from Run and add certificates add-ins for local computer.
Check your installed certificate under Personal>Certificates and right click on it and select Properties.
Click General Tab and change friendly name to vdm if you see other name.
You need to delete other certificates' friendly name if you have self-signed certificates.
After that, you will need to check your certificate is under Trusted root certification authorities list or not.
If not in the list, you need to import your certificate too.
Please see below sample for your reference.

You still need to change the configuration on your connection server after all above steps are done.
Otherwise, you only can go to your VM View URL and you cannot route to your desktop pool with correct domain name which created in SSL certificate.
To do that, please go to View Administrator Console which installed on Connection Server usually.
Go to View Configuration>Servers>Security Servers and change the External URL and Blast External URL with correct common name (domain url name) which registered with CA in your SSL certificate.

Once all done, you need to restart Security Server and Connection Server to take all changes effect.

Once both server restarted. You should get working VMware Horizon View with correct SSL Certificate.

I've tested these steps on Windows Server 2008 R2 and VMware Horizon View Version 5.3.

Have a good time.
(Be knowledgeable, pass it on then)


Post a Comment