kfkehua
Contributor

SSL for View 5.1

Dear all, I've recently started to look into View 5.1 and am trying to get the SSL issues sorted.

I'm reading from the following doc library: http://pubs.vmware.com/view-51/topic/com.vmware.view.installation.doc/GUID-803D402F-E7D6-46E4-BD76-4...

My questions are as follows:

1. They mention several methods of obtaining a certificate, with using IIS being one method. What are the other methods, since I don't have IIS Manager installed on my machine?

2. "When you generate a certificate request on a computer, make sure that a private key is generated also" - how do I generate the private key?

3. My local users connect to the connection server as a local server, for example "viewserver"; however, the external users will connect using "view.company.com". How do I implement this?

Thank you.

0 Kudos
6 Replies
leaffan
Contributor

Have a look at Tom Fojta's blog as he describes the process to configure View Connection servers with SSL certs.

http://fojta.wordpress.com/2012/05/27/vmware-view-5-1-and-ssl-certificate-replacement/

1. IIS Manager is not required when using a Microsoft CA as long as the Web Enrollment role is installed if using a Windows 2008 R2 server.

2. By using this method the private key is created and exportable.

3. You will create a pair of DNS names (internalservername.domain.com) and (externalurl.domain.com)

Hope this helps.

Remember to rename the original default cert friendly name to vdm.old or something and to restart the View Connection Server Service.

kfkehua
Contributor

Thanks for that.

I followed the instructions in that blog. The good thing is that after doing that, the "health system" in View Manager shows all green.

However, when I go to the View admin site, either with IE or Firefox, it still says that the certificate is not to be trusted.

I had the idea that after that it would get past that error, or am I wrong??

0 Kudos
mittim12
Immortal

Does the machine you're connecting from trust the CA that signed the certificate?

0 Kudos
kfkehua
Contributor

Never mind, I found that if I just put the server name, I will get the error; if I put the FQDN it will let me go through.

I thought when generating the certificate, I put both the server name and the FQDN as the common name:

CN=server

CN=server.company.local.

So why does using "server" give me an error?

0 Kudos
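An added example, not part of any post in this thread: browsers compare the name typed in the URL against the certificate's subjectAltName dNSName entries (RFC 6125), using the subject CN only when no such entries exist, so every name users connect with has to be listed. The sketch below audits a planned name list that way; the function names and the two certificates are hypothetical, with host names constructed from the ones used in this thread.

```python
# Added example: RFC 6125-style name check. All certificates here are constructed samples.

def _label_match(pattern: str, host: str) -> bool:
    """Compare one presented identifier against the host name the client typed."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    # A wildcard is honoured only as the complete left-most label.
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def names_checked(subject_cn, san_dns):
    """Identifiers a client checks: SAN dNSName entries, or the CN only if there are none."""
    return list(san_dns) if san_dns else ([subject_cn] if subject_cn else [])


def covers(subject_cn, san_dns, host):
    """True when the certificate is valid for the name the user typed."""
    return any(_label_match(n, host) for n in names_checked(subject_cn, san_dns))


def audit(subject_cn, san_dns, client_names):
    """Map every name users connect with to True (covered) or False (name mismatch)."""
    return {name: covers(subject_cn, san_dns, name) for name in client_names}


# Constructed inputs, modelled on the names in this thread.
CLIENT_NAMES = ["viewserver", "viewserver.company.local", "view.company.com"]

# Certificate A: only the internal FQDN is present.
CERT_A = ("viewserver.company.local", ["viewserver.company.local"])
# Certificate B: short name, internal FQDN and external URL are all SAN entries.
CERT_B = ("view.company.com",
          ["viewserver", "viewserver.company.local", "view.company.com"])

if __name__ == "__main__":
    for label, (cn, san) in (("A", CERT_A), ("B", CERT_B)):
        for name, ok in audit(cn, san, CLIENT_NAMES).items():
            print(f"cert {label}: {name:28} {'ok' if ok else 'MISMATCH'}")
```

Running the same audit against the names in a certificate request before submitting it to the CA shows which URLs will still raise a name-mismatch warning after the certificate is installed.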
leaffan
Contributor

If the Certificate chain isn't trusted to your computer then you'll have that problem.

Ensure that the root and intermediate certificates are configured within your GPO or that you install them locally.

Follow Julian Wood's article to distribute the Root CA through a GPO if your systems are not part of the same domain or not AD integrated.

0 Kudos
kfkehua
Contributor

Thanks leaffan. Will get that done.

On a side note, I see this error in the events: "Certificate is invalid for Secure Gateway at address VIEWMANAGER"

What's that supposed to mean / imply??

Thanks.

0 Kudos