Part 4 of Certificates for Horizon View 5.2: Exporting the Key

Last modified date

Comments: 0

This final part of the four part series on how to add certificates to Horizon View. For a lab environment it may not be necessary to do this since it is, after all, just a lab environment. All the screenshots were taken from a 2008 Active Directory server and 2008 Connection server. They may be different for Windows 2012 Active Directory (as of writing, Windows 2012 was not yet supported for the Connection Server).

1.    Go back to the Active Directory server mmc.
2.    Select Console Root and go to File → Add/Remove Snap-ins.
3.    Select Certificates and choose Computer Account from the Certificates Snap-in.
4.    Click Next and Finish.
5.    Click OK.
6.    Click the + and find the Trusted Root Certificates folder
7.    Click on the subfolder of Certificates.

cert-all-certs

8.    Find the <name>-CA certificates (they should match the name of the one your created). Find the one with the little key on it

cert-AD-private

9.    Right click on the certificate (the one with the key) and go to All Tasks → Export..
10.    Click Next on the Welcome to the Certificate Export Wizard.
11.    On the Export File Format page, leave the defaults of DER and click Next.
12.    For File Name, select the Browse… button and put in the following:
c:\Certs\root_cer.cer
13.    Click Next and Finish.
14.    Click OK on the Export successful dialog box.
15.    Go back to the Connection server.
16.    Click Start → Run and type in \\<Active Directory server>\Certs
17.    Copy the root_cer.cer to C:\Program Files\VMware\VMware View\Server\sslgateway\conf
18.    Go to Start → Run and type cmd
19.    At the commandline type the following command:

PATH=%PATH%;"c:\Program Files\VMware\VMware View\Server\jre\bin"

20.    Then type

cd :\Program Files\VMware\VMware View\Server\sslgateway\conf\

21.     The last commandline to type is the following:

keytool -import -alias Horizon -file root_cer.cer -keystore trustedkey.key

22.    Enter the administrator password for the keystore password. Enter it a second time to verify.

cert-importing

23.    For the Trust this certificate question enter

Yes

24.    Switch to a Windows Explorer window and navigate to C:\Program Files\VMware\VMware View\Server\sslgateway\conf
25.    Select Organize from the menu bar and choose Folder and Search options.
26.    Select the View Tab and uncheck the Hide extensions for known file types option
27.    Click Apply and OK.
28.    In the whitespace under the trustedkey.key right click.
29.    Choose Text Document and replace the New Text Document.txt name with locked.properties
30.    Click Yes for the Rename dialog box.
31.    Right click on locked.properties and choose Open
32.    Choose Select a program from a list of installed programs and click OK
33.    Choose Notepad, leaving the rest of the settings as is and press OK.
34.    In the locked.properties file enter the following text (make sure there is no extra characters or lines after the last line):

trustKeyfile=trustedkey.key
trustStoretype=JKS
useCertAuth=true

35.    Save the file and close Notepad.
36.    Go to Start → Run  and type Services.msc
37.    Find the VMware View Connection Server service. And click on Restart.

Final notes/thoughts: it may take a minute or two for the Dashboard to release the “red square” beside the Connection server. Be patiet and refresh the Dashboard after a minute or two. This can be done without the Connection Server being licensed (for those environments that may be turnkey or waiting for licensing, this can be done in advance).

Oh, where to begin? Let's see.. I lived in the US for 13 years (3 years in NYC and 10 years in Los Angeles area). I'm a huge MMORPG fan (I've been a die-hard World of Warcraft player since mid-2007 -- For the Horde!). And have numerous tattoos, including one about VMware and one about Warcraft. I enjoy the occasional cigar with a single malt (for a while, I even had a cigar aficionado blog). I used to enjoy long distance solo cycling and am hoping to restart it here in Nova Scotia. I live just outside of Halifax, Nova Scotia with my wife, our 3 cats and our Golden Retriever.

I'd love to hear from y'all. Leave me a message or comment!

%d bloggers like this: