Helpful Docs: Horizon View 5.2 SSL Certificates

Had some issues in the lab today and needed to just reset the SSL Certs on 2 of the Horizon View servers. My lab has a Primary, Replica, and Security server configured…but something wasn’t jiving and I was having trouble accessing anything on the Replica server.

My certificates all come from an Enterprise CA that I have running on my local domain controller (it’s a lab, and I’m way to cheap to buy real certs). This doc below worked great, and was one of the simplest SSL Cert for VIEW docs that I’ve come across

From the VMware Horizon View 5.2 Document Center:  LINK

The part that wasn’t in the doc, but was still pretty easy, was attaching to the domain controller where I was running the CA…

I had the CA configured to allow to allow for automatic issuance of the certs…which makes this alot easier in the lab…

On the server with the CA, in the Certification Authority Snap-In…

Capture

 

So all I had to do was to Login to the CA web site (https://servername/certsrv) with a domain admin account…

DC-CA

 

Request a Certificate…

dc-ca2

 

Make sure to select “advanced certificate request”

 

dc-ca3

Submit a Certificate Request by using a base-64…

dc-ca4

 

…and cut and paste the text of the Certreq.txt file (that we made based on the VMware SSL Doc linked above)…and select the Web Server Certificate Template.

Hit Submit…

dc-ca7

 

And just download the certificate.  (In my case, as it’s a lab, I also downloaded the Certificate Chain and installed that onto my workstation.  Since my Workstation isn’t in the domain that the lab is in, it doesn’t trust the Enterprise CA.  Any workstation or server that IS in the domain, then that’s a trusted cert and you don’t need to add the CA chain.

Now, to complete the steps, rather than run the certreq -accept command that the doc specified, I just loaded the MMC Certificates snap-in on the connection server in imported it into the Personal Certificates store for the local computer account.  Last step, as they specify in the referenced doc…open the certificate (in the certificates snap-in) and edit the friendly name to VDM.  That’s how View knows what certificate to grab in case you have more than one.

.jim