scnguye2
Contributor
Contributor

HOW TO: Configure View Connection Manager Server to use existing SSL Certificates

Hello all,

I purchased a certificate from Starfield Inc. and would like to use it on my View Connection Manager server. I tried the following:

1. Copy the "locked.properties" file and the certificate "name.p12" from my View Security Server, to the View Connection Manager under "C:\Program Files\VMware\VMware View\Server\sslgateway\conf"

2. Edit the "locked.properties" with the following parameter:

keyfile="name".p12

keypass="password"

3. Restart the "VMware View Connection Server" service

Note sure if this is the correct method. Please provide me with instruction on how to configure the server to use my existing certificate.

Also, if I am using Wyse V10L thin-client running WTOS, how do I set the V10L to use the certificate?

Thank you,

Sang

0 Kudos
5 Replies
mjsvirt
Hot Shot
Hot Shot

Check out these threads:

Hope this helps..

Jason Silva http://silvaecs.com http://twitter.com/silvaecs
scnguye2
Contributor
Contributor

Yes. The article was helpful in setting up the View Connection Manager server to use my existing certificate.

However, I am having trouble getting the Wyse V10L running WTOS to connect to the View Connection Manager server, after the certificate change and the service restart.

This is what I have in the Wyse FTP folder:

1. V10L_wnos file (version 6.4.0_06)

2. CACERTS folder with the extracted .cer (renamed with .crt extension) certificate from Internet Explorer

3. This is what my wnos.ini file looks like:

Connectionbroker=VDM

VDIBroker=https://(name of connection broker goes here)

AdminMode=yes Admin-Username=MEAFMNABMK Admin-Password=MEAFMNABMK

Privilege=none ShowDisplaySettings=no EnableKeyboardMouseSettings=no

MaxVNCD=2

VncPrompt=no Accept=2

FormURL=logo.jpg

addcertificate=keys.crt

Timeserver=time.windows.com timeformat="12-hour format" Dateformat=mm/dd/yyyy

TimeZone='GMT - 06:00' daylight=yes start=030207 end=110107 TimeZoneName="Central Standard Time" DayLightName="Central

Daylight Time"

autoload=1

Not sure what I am missing, but the V10L will not authenticate to the connection broker. The certificate shows that it has been installed.. No problem with time server or connecting to the connection broker, but when I put in my username/password, it acts like it's trying to load the profile, then stops and the nothing shows up on the Wyse event_log.

0 Kudos
mjsvirt
Hot Shot
Hot Shot

See if this helps on configuring the WYSE V10L:

Also, have you tried the config with http to see to ensure that this is an https issue?

Are you using Wyse TCX MMR extensions? Be sure this is allowed in View manager.

Jason Silva http://silvaecs.com http://twitter.com/silvaecs
0 Kudos
scnguye2
Contributor
Contributor

Solution:

After submitting a support case with Wyse Tech Support, this is what I have to do on the Wyse V10L in order to connect...

1. Export certificate (.cer) from Internet Explorer

2. Change .cer extension to .crt and create a folder called "CACERTS" in the Wyse FTP "wnos" folder

3. Copy .crt certificate to the CACERTS folder

4. Add the following line to the wnos.ini file:

Connectionbroker=VDM

addcertificate=filename.crt

5. Wyse Tech Support discovered that the only V10L system version, compatible with VMware View Connection Manager 3.1 using SSL is 6.2.0_08

6. Replace your current VL10_wnos file with the correct 6.2.0_08 VL10_wnos

7. Reboot and wait for the V10L to flash itself

8. You should now be able to connect

Comment(s):

- Down-grading to 6.2.0_08 may affect some advanced functions, such as SmartCard Auth., VOIP, etc...

- I have attached a copy for the 6.2.0_08 with this thread

- See all above threads for instruction on configuring View Connection Manager to use your existing SSL Certificates

0 Kudos
randyf25
Enthusiast
Enthusiast

Jumping in here. We have WTOS 6.3.022 working with View 3.1. If we go past this we get a problem where the V10L does not connect to the authentication server (ie. View Server). I am being told by my Wyse reps that it should work in 6.4.006 but of course it is not for us. It does not work with 6.3.023, 6.3.025, 6.3.027 Hotfix 1.

Anyone have any thoughts on this? Of course we don't have a support contract with Wyse as we are just testing the entire product line right now. Do people really pay their insane support pricing?

Sorry, it's a sore subject for me. But still, we are not getting anywhere with anything past 6.3.022.

THanks.

0 Kudos