Creating A New Ssl Certificate - VMware View Manager 4.5 Installation Manual
Hide thumbs
Also See for View Manager 4.5:
- Admin manual (342 pages) ,
- Integration manual (70 pages) ,
- Upgrade manual (46 pages)
Table of Contents
Advertisement
6
Select Export the current certificate to a .pfx file and click Next.
7
Specify a filename for the certificate file and click Next.
8
Type and confirm a password to be used to encrypt the information you want to export and click Next.
The system displays summary information about the certificate you are about export.
9
Verify the summary information and click Next > Finish.
What to do next
Configure your View Connection Server instance, security server, or View Transfer Server instance to use the
certificate. See
"Configure a View Connection Server Instance or Security Server to Use a New Certificate,"
page 80 or
"Configure a View Transfer Server Instance to Use a New Certificate,"
Creating a New SSL Certificate
You can create a new certificate to replace the default server SSL certificate provided with View Connection
Server. When you create a new certificate, you must decide whether it should be self-signed or signed by a
CA.
Because self-signed certificates are not officially registered with a trusted CA, they are not guaranteed to be
authentic. While adequate for data encryption between server and client, self-signed certificates do not provide
reliable information about the location of the software application or the corporate entity responsible for its
administration.
A CA is a trusted third party that guarantees the identity of the certificate and its creator. When a certificate is
signed by a trusted CA, users no longer receive messages asking them to verify the certificate, and thin client
devices can connect without requiring additional configuration. If your clients need to determine the origin
and integrity of the data they receive, you should obtain a CA-signed certificate.
1
Generate a Keystore and Certificate
Whether you plan to use a self-signed certificate, or to obtain a signed certificate from a CA, you must
use
to generate a keystore file and a self-signed certificate.
keytool
2
Obtain a Signed Certificate from a CA
To obtain a signed certificate from a CA, you must create a CSR. For testing purposes, you can obtain a
free temporary certificate based on an untrusted root from Thawte, VeriSign, or GlobalSign.
3
Convert a PKCS#12 Certificate to PKCS#7 Format
If you obtained a certificate in PKCS#12 format, you must convert it to PKCS#7 format before importing
it into your keystore file.
4
Import a Signed Certificate into a Keystore File
If you obtained a signed certificate from a CA, or if you exported an existing Microsoft IIS SSL server
certificate, use
Generate a Keystore and Certificate
Whether you plan to use a self-signed certificate, or to obtain a signed certificate from a CA, you must use
to generate a keystore file and a self-signed certificate.
keytool
When you initially create a keystore file, the first certificate in the keystore file is a self-signed certificate. Later,
if you obtain a signed certificate from a CA, you import the response from the CA into the keystore file and
the self-signed certificate is replaced.
Prerequisites
Add
to the system path on your host. See
keytool
page 76.
VMware, Inc.
on page 77
on page 78
to import the certificate into your keystore file.
keytool
Chapter 7 Configuring Certificate Authentication
on page 79
on page 79
"Add keytool and openssl to the System Path,"
on
on page 81.
on
77
Advertisement
Table of Contents
