How to replace a VMware Horizon View Composer SSL certificate

Composer SSL SVIConfig vmware

In this post I’ll show you how to replace a VMware Horizon View composer security certificate.

When you install the View composer service either by co-hosting it with vCenter or on its own instance you are given the option to create a default self signed certificate or choose one that is pre-installed. Once the composer service is installed you have to drop down to the command line to administer the certificates after that.

Firstly though before running any commands you will need to have your replacement certificate installed and ready for use. This could be an internally verifiable certificate or one signed by an external authority such as verisign. The easiest way I find is using an IIS server to create and complete the request and then export the certificate with the “Mark private keys as exportable” setting ticked. You can find the low down on the proceedure here but dont worry about the VDM friendly name bit.

You will also need to stop the “VMware Horizon Composer” or in later versions its called “VMware View Composer” service on your composer server so make sure you are in a period of low activity where no composer actions are likely to be performed, open up your services.msc and stop the composer service.

 

Once you have the certificates installed on the composer server then drop into the command line and navigate to C:\Program Files (x86)\VMware\VMware View Composer

Now execute the following command (minus the quotes):

“Sviconfig -operation=replacecertificate -delete=false”

You will then be presented with a list of certificates that you can choose from and you just need to hit the number next to the certificate you wish to choose.

Once completed you can start the “VMware Horizon Composer” service and monitor the “system” event logs to make sure you do not get any SSL based errors.

The -delete=false string in the command specifies if the original is deleted when you replace it with the new one, every the pessimist I would always set this to false so you can quickly switch back to the working certificate if you find its not happy.

Author: Dale Scriven

1 thought on “How to replace a VMware Horizon View Composer SSL certificate

Leave a Reply