This page is hard to find, but it has it all… http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1008705
To generate and import an SSL certificate on the VDM server:Note: Certificates are only required for client‐facing systems (that is, standard, replica, or security VDM servers).
- All the commands related to certificates need to be run in System Context. From a command prompt, run:at <time> (In 24 hour format) /interactive cmd.exeFor example:at 21:45 /interactive cmd.exeThis opens a new command window in System Context.
- On the VDM or security server, change the directory to C:\Program Files\VMware\VMware VDM\Server\jre\bin.
- Run the following command to create a 1024bit self-signed SSL certificate:keytool -genkey -keyalg “RSA” -keystore keys.p12 -storetype pkcs12 -validity 360To generate 2048bit certificate, run the command:keytool -genkey -keyalg “RSA” -keysize 2048 -keystore keys.p12 -storetype pkcs12 -validity 360Note: The keys.p12 file is created in the current directory.
- Run the following command to create a certificate signing request (CSR):keytool -certreq -keyalg “RSA” -file certificate.csr -keystore keys.p12 -storetype pkcs12 -storepass <secret> , w here <secret> is the keystore passwordNote: The certificate.csr file is created in the same location.
- Send the CSR file (certificate.csr) to a certificate authority and request a certificate in PKCS7 format.Note: If the certificate authority does not offer PKCS7 as a format, see Exporting into PKCS7 format in this article for information about exporting the certificate data in the appropriate format.
- Copy the contents of the file into a text editor and save it as certificate.p7. The content appears similar to:—–BEGIN PKCS7—–
Note: For more information about importing certificates issued by an OpenSSL CA, see Importing certificates issued by an OpenSSL CA (1007390).
- Run the following command to import certificates issued by CA:keytool -import -keystore keys.p12 -storetype pkcs12 -storepass <secret> -keyalg “RSA” -trustcacerts -file certificate.p7Where <secret> is the keystore password (the password you used when exporting the certificate).
- To configure the View Connection Server to use the new certificate, place the new certificate and copy the keys.p12 file (the keystore file) in C:\Program Files\VMware\View Manager\Server\sslgateway\conf.
- Modify or create the following file:C:\ProgramFiles\VMware\View Manager\Server\sslgateway\conf\locked.properties
- Add the following properties:keyfile=keys.p12
Where <secret> is the keystore password (the password you used when exporting the certificate).
- Restart the View Connection Server service.
Exporting into the PKCS7 formatTo export into the PKXS7 format:
- Open the certificate file.
- Click Details > Copy to File.
- Click PKCS7, then select Include Details of Certificate.
The file is saved with a .P7B extension.