Add this to the system path:
C:\Program Files\Vmware\Vmware View\Server\jre\bin
Don't try and make the CSR yourself, just go to this site and have one auto created:
That should return a keytool command like this:
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore star_gunnarberger_com.jks -dname "CN=*.gunnarberger.com,OU=Information Technology, O=GunnarBerger.com, L=Athens, ST=Georgia, C=US" && keytool -certreq -alias server -file star_gunnarberger_com.csr -keystore star_gunnarberger_com.jks && echo Your certificate signing request is in star_gunnarberger_com.csr. Your keystore file is star_gunnarberger_com.jks. Thanks for using the DigiCert keytool CSR helper.
NOTE: The keytool command I used above was for a wildcard cert so it was *.gunnarberger.com, had I wanted view.gunnarberger.com the tool would have been different (I just wanted to explain why my example has a astrick in it).
After you execute this command you will have to type in a password for this file 3 or 4 times. For simplicity just keep the password the same throughout.
The command you just issued is going to give you a CSR file and a JKS (Java Keystore). I put both of these files into a directory on the root of my hard drive. C:\cert
You'll need to go to your CA of your choice and upload the CSR. I used http://www.rapidssl.com/ because its cheap and I'm cheap.
All CAs have different steps you have to take before they will generate a cert. The more expensive the cert, the longer it takes (becuase it means that did more to make sure you are you.) With RapidSSL, it took about 15 minutes, so they probably aren't the best CA in the world. Eventually they will email you a link to download your cert which you will need to make sure and download this in PKCS7 format or (.p7s).
Now I you should have a file called <filename>.p7s
I go right ahead and drop that file to the same C:\cert directory
Inside the C:\cert directory you should now have three files
Now that you have all three of these you need to execute the following command
keytool -import -alias server -trustcacerts -file <filename>.p7s -keystore <filename>.jks
Here is a screen shot of me executing this command.
If you don't get "Certificate reply was installed in keystore" I don't know what to tell you, call someone.
Finally, we need to get the View Connection Server to actually use the cert we just added to TomCat. Thankfully this is pretty easy.
Copy the <filename>.jks file into the following directory:
C:\Program Files\Vmware\VMware View\Server\sslgateway\conf\
While you are in that directory use notepad to create a new file that is called locked.properties
Inside that file put the following (again using notepad)
keyfile=<name of keyfile>
Inside that directory you will find a log file called, log-<DATE>.txt look for todays date. Open that file and go to the very bottom. Also, you can just search for "SSL" that tends to bring you to the line you are lookig for.