1. Create the certificate keystore on the view server
- Add C:\Program Files\VMware\VMware View\Server\jre\bin to PATH
- At cmd prompt run cd "c:\program files\vmware\vmware view\server\sslgateway\conf"
- keytool -genkey -keyalg "RSA" -keystore keystorefilename.p12 -storetype pkcs12 -validity days
- Provide and confirm a keystore password when prompted (this will be stored in clear text later by the way)
- You will then get prompted for your first and last name. Use the servername.domainname. Answer the other questions if you want.
- Type yes to confirm
2. Create the CSR request
- keytool -certreq -keyalg "RSA" -file csrfilename.csr -keystore keystorefilename.p12 -storetype pkcs12
- Use password from keystore creation
3. Submit CSR request to Windows CA
- Open IE and go to your CAs certificate request page
- Request advanced cert
- Submit a certificate request
- Copy and paste content of csrfilename.csr file
- Cert template: Web
- Additional attributes san:dns=blah&dns=blah.domainname&dns=ip (must've already run editflag command on CA server for this to wor as per my last post)
- Save the Base64chain p7b file to c:\program files\vmware\vmware view\server\sslgateway\conf
4. Import certificate chain into keystore
- keytool -import -keystore keystorefilename.p12 -storetype pkcs12 -keyalg "RSA" -trustcacerts -file base64chain.p7b
- At prompt type yes
You then need to edit/create "locked.properties" text file in c:\program files\vmware\vmware view\server\sslgateway\conf which contains 2 lines:
keyfile=keystorefilename.p12
keypass=keystorepass
5. Reboot (VM says that restarting VM view web services should do but I haven't had that work but it might for you)
Keine Kommentare:
Kommentar veröffentlichen