If your looking into configuring an external VMware View security server SSL certificate this can seem at first a tricky process but its not really that bad.
Now you can use OpenSSL to request an SSL certificate and do most of the hard work for you but to be honest I’ve got better things to do with my time than tapping away at a command line if I don’t have to and I’m sure you do as well so I use IIS instead.
In order to generate a certificate to import into a View security server you’ll need a couple of things.
A preinstalled security server and a server with IIS installed. The IIS server doesn’t need to be anything special and it can be even be a temporary server that you blow away after you have generated and exported the certificate if you wish.
IIS Server Config
To begin with log in to your IIS server and open the IIS management console and open the Server Certificates node within the main IIS site.
On the next screen click the create certificate request and enter the details required for the certificate and hit next.
Now to choose the bit length, by default IIS uses 1024 however many external SSL providers only support 2048 and upwards so change the value to a minimum to 2048.
Now give your request a file name and save it.
External Certificate Authority
Submit the generated CSR to your external certificate authority and jump through all the hoops to get the all important certificate file back. Once you have received the certificate follow the below to install the certificate onto your IIS server.
IIS Server Config
Open the IIS management console again and on the top right hand side of the console hit the Complete Certificate Request hyperlink. Point the wizard at the CER file you have obtained from your external authority and also enter the friendly name of vdm.
Once completed the certificate will appear in the IIS Manager.
Right click on the certificate and choose Export.
Again give the file a name and a password, the file generated will have the *.pfx file extension.
VMware View Security Server Config
Now you need to logon to your VMware View security server, open up an MMC and then add the certificates snap-in with the Computer Account context.
Right click on the Personal certificate container and choose import.
Follow the wizard and select the pfx file you created earlier and enter the password and tick the mark key as exportable for future possible use.
Once the wizard has finished you should now see that the personal store has the certificate installed. now there’s one final thing we need to do.
Right click on your new certificate and select Properties and ensure that the friendly name field has vdm entered if not enter it now. Also check the self signed certificate (which will normally be the host name of the security server) properties and remove the vdm friendly name field.
Now restart the VMware View Security Server service and you should find when the service comes back up it is now using the new certificate you have just installed.