If your looking into configuring an external VMware View security server SSL certificate this can seem at first a tricky process but its not really that bad.

Now you can use OpenSSL to request an SSL certificate and do most of the hard work for you but to be honest I’ve got better things to do with my time than tapping away at a command line if I don’t have to and I’m sure you do as well so I use IIS instead.

Pre-Req’s 

In order to generate a certificate to import into a View security server you’ll need a couple of things.

A preinstalled security server and a server with IIS installed. The IIS server doesn’t need to be anything special and it can be even be a temporary server that you blow away after you have generated and exported the certificate if you wish.

IIS Server Config

To begin with log in to your IIS server and open the IIS management console and open the Server Certificates node within the main IIS site.

 

Screen Shot 2013-11-02 at 23.00.52

 

On the next screen click the create certificate request and enter the details required for the certificate and hit next.

 

Screen Shot 2013-11-02 at 23.01.39

Now to choose the bit length, by default IIS uses 1024 however many external SSL providers only support 2048 and upwards so change the value to a minimum to 2048.

Screen Shot 2013-11-02 at 23.02.00

 

Now give your request a file name and save it.

Screen Shot 2013-11-02 at 23.02.19

 

External Certificate Authority 

Submit the generated CSR to your external certificate authority and jump through all the hoops to get the all important certificate file back. Once you have received the certificate follow the below to install the certificate onto your IIS server.

IIS Server Config

Open the IIS management console again and on the top right hand side of the console hit the Complete Certificate Request hyperlink. Point the wizard at the CER file you have obtained from your external authority and also enter the friendly name of vdm.

Once completed the certificate will appear in the IIS Manager.

Screen Shot 2013-11-02 at 23.15.52

 

Right click on the certificate and choose Export.

 

Screen Shot 2013-11-02 at 23.16.10

 

Again give the file a name and a password, the file generated will have the *.pfx file extension.

Screen Shot 2013-11-02 at 23.16.50

 

VMware View Security Server Config 

Now you need to logon to your VMware View security server, open up an MMC and then add the certificates snap-in with the Computer Account context.

Screen Shot 2013-11-02 at 23.21.10

 

Right click on the Personal certificate container and choose import.

Screen Shot 2013-11-02 at 23.21.27

 

Follow the wizard and select the pfx file you created earlier and enter the password and tick the mark key as exportable for future possible use.

Screen Shot 2013-11-02 at 23.21.55Screen Shot 2013-11-02 at 23.22.13Screen Shot 2013-11-02 at 23.22.24Screen Shot 2013-11-02 at 23.22.31

 

Once the wizard has finished you should now see that the personal store has the certificate installed. now there’s one final thing we need to do.

Right click on your new certificate and select Properties and ensure that the friendly name field has vdm entered if not enter it now. Also check the self signed certificate (which will normally be the host name of the security server) properties and remove the vdm friendly name field.

 

Screen Shot 2013-11-02 at 23.29.31

Now restart the VMware View Security Server service and you should find when the service comes back up it is now using the new certificate you have just installed.

Screen Shot 2013-11-02 at 23.33.32

 

Author:Dale Scriven

Tagged with:
 

2 Responses to Configuring an external VMware View Security Server SSL certificate

  1. […] Correct SSL certificates must be present on the VMware View security servers if not you can follow this guide for more information on how to do […]

  2. […] “Mark private keys as exportable” setting ticked. You can find the low down on the proceedure here but dont worry about the VDM friendly name […]

Leave a Reply

Set your Twitter account name in your settings to use the TwitterBar Section.
%d bloggers like this: