In Part 2 of this series I will be switching the Connection & Security Servers default SSL certificates to trusted SSL certificates. Once you obtain the replacement certificates the swap is very simple and easy! You can jump to Part 3 if you are just testing View in your environment and have no care if the certificate is valid.
vBoring Blog Series:
Untrusted / Invalid Certificate:
On the View Administrator Console the Connection and Security Servers will have a red square stating it has a Invalid and Untrusted Certificate. To resolve this you will need to create a signed certificate from an internal or external CA. For your Connection Servers you can use a internal certificate but for Security Servers you need to use a outside trusted CA. I used StartSSL.com to create a wildcard certificate for my domain and will be using it. To read more about creating your certificates check out the VMware document: Scenarios for Setting Up SSL Certificates for View. It says for Horizon View 6 but it carries over to Horizon View 7.
Changing Certificate on Connection/Security Servers:
The process for updating the certificate is the same on the Connection and Security Servers. Once you have the certificate(s) we need to import into the Windows Certficiate store. Login to your Connection/Security Server, open MMC.exe ->File -> Add/Remove Snap-in… -> Select Certificates -> Add:
Select Computer Account then click Next:
Drill down to Certificates/Personal/Certificates. Under the Friendly Name column find the one that says vdm. Right click and go to Properties:
We are going to rename the friendly name. Add a -original to the end then click Apply/Ok:
Now the Friendly Name is changed (vdm-original) right click in the white area, hover to All Tasks -> Import:
Go through the Import Wizard and import the certificate you wish to use. Ensure you check the box that says “Mark this key as exportable“. If that box is not checked then the certificate will not work.
Now the certificate is imported right click it and go to Properties:
Change the friendly name to vdm then click Apply/Ok:
You can restart the View services but I found it easier to just reboot the server and let everything come up clean.
Once rebooted and services are started open your browser and go to the Administrator Console. You will notice it is using the new certificate!
On the Dashboard screen both Connection Server/Security Server will no longer have a red square as the certificate is now valid:
Proceed to the next step:
