Install a wildcard certificate on a VMware Horizon View Security Server

On a View Security Server I needed to change the default self signed certificate to a signed wildcard certificate. The customer had a wildcard certificate that didn’t include the private key. A certificate that include the private key is a requirement for a VMware View Security server.

If you have the certificate (*.cer or .crt) and private key (.key), convert it to a PCKS#12 (PFX) format before you import the certificate.  To create a certificate that include the private key I used the following steps:

  • Download and install OpenSSL and Visual C++ 2008 Redistributables. Link
  • The install folder of OpenSSL is: C:\OpenSSL-Win64\
  • Place the certificate (*.cer or .crt) and private key (.key) file in the C:\OpenSSL-Win64\bin directory folder
  • Open a command prompt and set the environment variable: Set OPENSSL_CONF=c:\OpenSLL-Win64\bin\openssl.cfg
  • Create another environment variable: Set RANDFILE = .rnd
  • Generate a PCKS#12 (PFX) keystore file from the private key and certificate file. Syntax example: OpenSSL.exe pkcs12 –export -out newcertificatename.pfx –inkey privatekey.key –in certificate.crt

image

  • Enter the password for the certificate

The next step is to Import the certificate on the security server:

  • Open the MMC on the Security Server and add the Certifcates snap-in
  • In the Windows local computer store import the generated P12 certificate
  • Type the password for the private key
  • Make sure the certificate is exportable
  • Change the friendly name to vdm and make sure that the friendly name of the self signed certificate is changed to something else
  • Restart the View Connection Security service

image

The new wildcard certificate has a private key and is trusted in the VMware View client and on the View Administrator page.

imageimage