Archive for 05/08/2012

VMware View 5.1 SSL Certificates

With the release of VMware View 5.1, the use of SSL certificates on your connections servers has become a requirement. There are ways of avoiding the use of SSL certificates for the View connections servers, however in the nature of security this isn’t recommended. In View 5.1 the process of changing the SSL certificate on your connection servers is much simpler than in previous releases as i will demonstrate in this article.

Assuming you have generated or purchased a trusted certificate with the relevant common name, and friendly name of “vdm”. Open an MMC console on your connection server and add the Certificates add-on then select to open Local Computer. Navigate to the Personal folder then the Certificates folder where you will find the default self assigned View connection server certificate. This is the one we want to replace so right click the certificate and select delete. Once this has been deleted, highlight the Personal folder, right click, select All Tasks, then click Import. Import your trusted certificate and should see it appear under the Personal/Certificates folder.

Providing you have generated your certificate correctly with a friendly name of vdm (this is most important), open the Windows Services console and restart the VMware View Connection Server service. This will assign the new certificate to the connection server. Once the service is back up and running, try browsing to the admin page of the connection server by the common name of the certificate to verify the certificate has changed, for example view.contoso.local/admin. If your running Internet Explorer you shouldn’t receive the a certificate warning with the red bar at the top of the page.

Once you have confirmed the new SSL certificate is being used by the connection server, log in to the View administrator console and navigate to the Server options under the View Configuration tab. Locate your connection server and click edit, in the connection server properties under the General tab you will see HTTP(S) Secure Tunnel, make sure you set the External URL to the common name of the new certificate. In this case view.contoso.local.

If all has been configured correctly and your certificate is trusted, on the View administrator dashboard you should see the service status of the connections servers as green.