Part 4 of Certificates for Horizon View 5.2: Exporting the Key

This final part of the four part series on how to add certificates to Horizon View. For a lab environment it may not be necessary to do this since it is, after all, just a lab environment. All the screenshots were taken from a 2008 Active Directory server and 2008 Connection server. They may be different for Windows 2012 Active Directory (as of writing, Windows 2012 was not yet supported for the Connection Server).

1.    Go back to the Active Directory server mmc.
2.    Select Console Root and go to File → Add/Remove Snap-ins.
3.    Select Certificates and choose Computer Account from the Certificates Snap-in.
4.    Click Next and Finish.
5.    Click OK.
6.    Click the + and find the Trusted Root Certificates folder
7.    Click on the subfolder of Certificates.

cert-all-certs

8.    Find the <name>-CA certificates (they should match the name of the one your created). Find the one with the little key on it

cert-AD-private

9.    Right click on the certificate (the one with the key) and go to All Tasks → Export..
10.    Click Next on the Welcome to the Certificate Export Wizard.
11.    On the Export File Format page, leave the defaults of DER and click Next.
12.    For File Name, select the Browse… button and put in the following:
c:\Certs\root_cer.cer
13.    Click Next and Finish.
14.    Click OK on the Export successful dialog box.
15.    Go back to the Connection server.
16.    Click Start → Run and type in \\<Active Directory server>\Certs
17.    Copy the root_cer.cer to C:\Program Files\VMware\VMware View\Server\sslgateway\conf
18.    Go to Start → Run and type cmd
19.    At the commandline type the following command:

PATH=%PATH%;"c:\Program Files\VMware\VMware View\Server\jre\bin"

20.    Then type

cd :\Program Files\VMware\VMware View\Server\sslgateway\conf\

21.     The last commandline to type is the following:

keytool -import -alias Horizon -file root_cer.cer -keystore trustedkey.key

22.    Enter the administrator password for the keystore password. Enter it a second time to verify.

cert-importing

23.    For the Trust this certificate question enter

Yes

24.    Switch to a Windows Explorer window and navigate to C:\Program Files\VMware\VMware View\Server\sslgateway\conf
25.    Select Organize from the menu bar and choose Folder and Search options.
26.    Select the View Tab and uncheck the Hide extensions for known file types option
27.    Click Apply and OK.
28.    In the whitespace under the trustedkey.key right click.
29.    Choose Text Document and replace the New Text Document.txt name with locked.properties
30.    Click Yes for the Rename dialog box.
31.    Right click on locked.properties and choose Open
32.    Choose Select a program from a list of installed programs and click OK
33.    Choose Notepad, leaving the rest of the settings as is and press OK.
34.    In the locked.properties file enter the following text (make sure there is no extra characters or lines after the last line):

trustKeyfile=trustedkey.key
trustStoretype=JKS
useCertAuth=true

35.    Save the file and close Notepad.
36.    Go to Start → Run  and type Services.msc
37.    Find the VMware View Connection Server service. And click on Restart.

Final notes/thoughts: it may take a minute or two for the Dashboard to release the “red square” beside the Connection server. Be patiet and refresh the Dashboard after a minute or two. This can be done without the Connection Server being licensed (for those environments that may be turnkey or waiting for licensing, this can be done in advance).

Your email address will not be published. Required fields are marked *