Monday, October 8, 2012

VMWare View 5.1 Certificate Installation Guide

 

Most of what you need to know can be found here:

http://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=2032400&sliceId=1&docTypeID=DT_KB_1_1&dialogID=451166996&stateId=1%200%20451194879

This is the rest you need to know:

I would recommend using a wildcard certificate for your servers otherwise you will need a separate certificate for each server.

Here is an example of a 2048 key wildcard for oppihle.org’s

“request.inf”

[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=*.oppihle.org, OU=oppihle.org, O=Oppihle, L=Louisville, S=Kentucky, C=US" ; replace with the FQDN
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
[RequestAttributes]
; SAN="dns=FQDN_you_require&dns=other_FQDN_you_require"

Note: SAN listed above is DNS SAN (Subject Alternative Name) not storage SAN

When you import your certificate onto your servers into the personal certificates you need to change the general name properties to “vdm” if you have an existing already named “vdm” rename it “oldvdm”

Then restart view services and confirm it is working properly

1 comment:

  1. Its really instant process of SAN certificate installation. We really glad to make its part of our SSL education. It will really aid our web users those are really facing issues at the installation of SAN certificate.

    ReplyDelete