Create & configure SSL certificate for VMware View Security Server

During my study for VCAP-DTA exam I hit the topic of SSL certificate management, so I decided in order to practice it to generate a SSL certificate for my Lab’s View Security Server and get a proper signed SSL certificate for it.

On your VMware Horizon View Security server open a command prompt to the following path: C:\Program Files\VMware\VMware View\Server\jre\bin

Run the following command to generate Keypair for your SSL certificate, this should be 2048 bit length and using password “secret”, the format of stored keystore is JKS:

keytool -genkeypair -keyalg “RSA” -keysize 2048 -keystore keys.jks -storepass secret

Now as we generated the Keypair, it’s time to create the certificate request by running the following command:

keytool -certreq -file certificate.csr -keystore keys.jks -storepass secret

The SSL certificate request file (certificate.csr) is ready to be sent to CA for signing it.

In my case I got from my CA provider the following four files:

Screen Shot 2014-11-20 at 14.11.45

AddTrustExternalCARoot –> External Root CA
COMODORSAAddTrustCA –> Provider Intermediate Root CA
COMODORSADomainValidationSecureServerCA –> Provider Domain Validation Server CA
vdi_safouh_com –> My Domain SSL signed certificate

So you need to start importing the External Root CA at first by running the following command:

keytool -importcert -keystore keys.jks -storepass secret -alias rootCA -file AddTrustExternalCARoot.crt

where Keystore file name is “keys.jks” and it’s password “secret”.

Then import the next level certificate which is Provider Intermediate Root CA by running the following command:

keytool -importcert -keystore keys.jks -storepass secret -trustcacerts -alias intermediateCA -file COMODORSAAddTrustCA.crt

Now we need to import the next level in CA’s validation chain by running the following command:

keytool -importcert -keystore keys.jks -storepass secret -trustcacerts -alias intermediateCA -file COMODORSADomainValidationSecureServerCA.crt

Finally we will import our domain signed SSL certificate, which is in my case “vdi.safouh.com” by running the following command:

keytool -importcert -keystore keys.jks -storepass secret -keyalg “RSA” -trustcacerts -file vdi_safouh_com .crt

Now copy “keys.jks” file to the following location: C:\Program Files\VMware\VMware View\Server\sslgateway\conf

Create the following file: locked.properties at above location, this configuration file contains the SSL configurations details, and add the following line to it: (only bold ones)
keyfile=keys.jks  [this is the Keystore file name which we copied to here]
keypass=secret  [Keystore password]
storetype=jks  [Keystore type]

Save the file and restart the view Security Server.

Now you should have a valid SSL Certificate for your Security Server … something like the following:

Screen Shot 2014-11-20 at 16.19.57

You can see the SSL CA chain in addition to other details … by the way, that SSL certificate costed me only $9,- per year 🙂

Share
Published
Categorized as EUC

Leave a comment

Your email address will not be published. Required fields are marked *