Dear all, I've recently started to look into View 5.1 and am trying to get the SSL issues sorted.
I'm reading from the following doc library: http://pubs.vmware.com/view-51/topic/com.vmware.view.installation.doc/GUID-803D402F-E7D6-46E4-BD76-4...
My questions are as follows:
1. They mention several methods of obtaining a certificate, with using IIS being one method. What are the other methods, since I don't have IIS Manager installed on my machine?
2. "When you generate a certificate request on a computer, make sure that a private key is generated also" - how do I generate the private key?
3. My local users connect to the connection server as a local server, for ex: "viewserver"; however, the external users will connect using "view.company.com". How do I implement this?
Thank you.
Have a look at Tom Fojta's blog as he describes the process to configure View Connection servers with SSL certs.
http://fojta.wordpress.com/2012/05/27/vmware-view-5-1-and-ssl-certificate-replacement/
1. IIS Manager is not required when using a Microsoft CA as long as the Web Enrollment role is installed if using a Windows 2008 R2 server.
2. By using this method the private key is created and exportable.
3. You will create a pair of DNS names (internalservername.domain.com) and (externalurl.domain.com).
Hope this helps.
Remember to rename the original default cert friendly name to vdm.old or something and to restart the View Connection Server Service.
Thanks for that.
I followed the instructions in that blog. The good thing is that after doing that, the "health system" in View Manager shows all green.
However, when I go to the View admin site, either with IE or Firefox, it still says that the certificate is not to be trusted.
I had the idea that after that it would get past that error, or am I wrong?
Does the machine you're connecting from trust the CA that signed the certificate?
Never mind, I found that if I just put the server name, I will get the error; if I put the FQDN, it will let me go through.
I thought when generating the certificate, I put both the server name and the FQDN as the common name:
CN=server
CN=server.company.local.
So why does using "server" give me an error?
If the certificate chain isn't trusted by your computer then you'll have that problem.
Ensure that the root and intermediate certificates are configured within your GPO or that you install them locally.
Follow Julian Wood's article to distribute the Root CA through a GPO if your systems are not part of the same domain or not AD integrated.
Thanks, leaffan. Will get that done.
On a side note, I see this error in the events: "Certificate is invalid for Secure Gateway at address VIEWMANAGER"
What's that supposed to mean / imply?
Thanks.
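
The short-name versus FQDN behaviour raised in this thread depends on which DNS names the certificate actually carries. The sketch below is an added example, not part of the original posts or of any VMware tooling: it applies RFC 6125-style name matching to constructed certificate contents, and the host `viewserver.company.local` and both SAN lists are assumptions.

```python
"""Added example: which connection names a server certificate covers."""

def _norm(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.strip().rstrip(".").lower()

def name_matches(pattern, host):
    """Match one certificate DNS name against the name the user typed."""
    pattern, host = _norm(pattern), _norm(host)
    if not pattern.startswith("*."):
        return pattern == host
    # A wildcard covers exactly one left-most label: *.a.b matches x.a.b only.
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]

def cert_accepts(host, san_dns, subject_cn=None):
    """True if the certificate is valid for `host`.

    SAN dNSName entries are authoritative when present (RFC 6125); the
    subject CN is only a fallback for certificates that carry no SAN,
    and some clients ignore the CN entirely.
    """
    if san_dns:
        return any(name_matches(p, host) for p in san_dns)
    return subject_cn is not None and name_matches(subject_cn, host)

def audit(hosts, san_dns, subject_cn=None):
    """Map every name users connect with to whether the cert covers it."""
    return {h: cert_accepts(h, san_dns, subject_cn) for h in hosts}

# "viewserver" and "view.company.com" come from the thread; the internal
# FQDN "viewserver.company.local" is constructed for this example.
HOSTS = ["viewserver", "viewserver.company.local", "view.company.com"]

# Constructed certificate contents (assumptions, not read from a real cert).
FQDN_ONLY = audit(HOSTS, san_dns=["viewserver.company.local"])
ALL_NAMES = audit(HOSTS, san_dns=HOSTS)

if __name__ == "__main__":
    for label, result in (("FQDN only", FQDN_ONLY), ("all names", ALL_NAMES)):
        for host, ok in result.items():
            print(f"{label:10} {host:28} {'ok' if ok else 'NAME MISMATCH'}")
```

A name mismatch is reported by the client independently of chain trust, so a certificate can chain to a trusted root and still fail for a name it does not list.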