vmware – replacing security server ssl cert

This page is hard to find, but it has it all…  http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1008705

To generate and import an SSL certificate on the VDM server:

Note: Certificates are only required for client‐facing systems (that is, standard, replica, or security VDM servers).
  1. All the commands related to certificates need to be run in System Context. From a command prompt, run:at <time> (In 24 hour format) /interactive cmd.exeFor example:at 21:45 /interactive cmd.exeThis opens a new command window in System Context.
  2. On the VDM or security server, change the directory to C:\Program Files\VMware\VMware VDM\Server\jre\bin.
  3. Run the following command to create a 1024bit self-signed SSL certificate:keytool -genkey -keyalg “RSA” -keystore keys.p12 -storetype pkcs12 -validity 360To generate 2048bit certificate, run the command:keytool -genkey -keyalg “RSA” -keysize 2048 -keystore keys.p12 -storetype pkcs12 -validity 360Note: The keys.p12 file is created in the current directory.
  4. Run the following command to create a certificate signing request (CSR):keytool -certreq -keyalg “RSA” -file certificate.csr -keystore keys.p12 -storetype pkcs12 -storepass <secret> , w here <secret> is the keystore passwordNote: The certificate.csr file is created in the same location.
  5. Send the CSR file (certificate.csr) to a certificate authority and request a certificate in PKCS7 format.Note: If the certificate authority does not offer PKCS7 as a format, see Exporting into PKCS7 format in this article for information about exporting the certificate data in the appropriate format.
  6. Copy the contents of the file into a text editor and save it as certificate.p7. The content appears similar to:—–BEGIN PKCS7—–
    MIIF+AYJKoZIhvcNAQcCoIIF6TCCBeUCAQExADALBgkqhkiG9w0BBwGgggXNMIID
    LDCCApWgAwIBAgIQTpY7DsV1n1HeMGgMjMR2PzANBgkqhkiG9w0BAQUFADCBhzEL
    i7coVx71/lCBOlFmx66NyKlZK5mObgvd2dlnsAP+nnStyhVHFIpKy3nsDO4JqrIg
    EhCsdpikSpbtdo18jUubV6z1kQ71CrRQtbi/WtdqxQEEtgZCJO2lPoIWMQA=
    —–END PKCS7—–

    Note: For more information about importing certificates issued by an OpenSSL CA, see Importing certificates issued by an OpenSSL CA (1007390).

  7. Run the following command to import certificates issued by CA:keytool -import -keystore keys.p12 -storetype pkcs12 -storepass <secret> -keyalg “RSA” -trustcacerts -file certificate.p7Where <secret> is the keystore password (the password you used when exporting the certificate).
  8. To configure the View Connection Server to use the new certificate, place the new certificate and copy the keys.p12 file (the keystore file) in C:\Program Files\VMware\View Manager\Server\sslgateway\conf.
  9. Modify or create the following file:C:\ProgramFiles\VMware\View Manager\Server\sslgateway\conf\locked.properties
  10. Add the following properties:keyfile=keys.p12
    keypass=<secret>

    Where <secret> is the keystore password (the password you used when exporting the certificate).

  11. Restart the View Connection Server service.

Exporting into the PKCS7 format

To export into the PKXS7 format:
  1. Open the certificate file.
  2. Click Details > Copy to File.
  3. Click PKCS7, then select Include Details of Certificate.

    The file is saved with a .P7B extension.

3 Replies to “vmware – replacing security server ssl cert”

  1. Wheen most people consider the oppoprtunities that exzist wwith hemp,
    they often times often look int how these materials are already utilized in earlier
    times, by a wide variety off different cultures. Thes arre a few exaples of the
    various incrediible popssibilities which might bbe developed when a person takles advantagee of
    the rresources of hemp products. Hemmp paper could be recycled morde
    tjmes tthan wood, hemp doesn’t need to be bleached thus stoppping the dumpung of toxic
    chemicals inmto lakes, streams and rivers. http://www.myafghan.com/where-to-buy-cbd-oil-in-phelps-ky

Leave a Reply to tali id card Cancel reply

Your email address will not be published. Required fields are marked *