Ce message est également disponible en : French
[Horizon View] Replace VMware Horizon View Self-signed certificate
How to replace the self-signed certificate from VMware in VMware Horizon View 6/7 by a signed certificate.
First thing to do, create your CSR file (Certificate Signing request is a block of encoded text that is given to a Certificate Authority when applying for an SSL Certificate). It can be a local Certificate Authority from your company or a third party authority.
In my case, i have create a CSR in my mac using openssl.
openssl req -nodes -newkey rsa:2048 -sha256 -keyout /yourpath/yourkey.key -out /yourpath/yourfile.csr
Next fill the field as expected regarding your infrastructure
The most important field is “Common Name”. This field have to match with your FQDN , horizon view connection server or security server.
Once your request is created , you can send it to your certificate authority.
Next, connect to your Horizon View Connection Server and start an mmc console and load the Certificate Snapin
Select “Computer account” and click on “Next”.
Select “Local Computer” and click on “Finish”.
Next, look for , “Certificates (Local Computer)” –> “Personnal” –> “Certificates”. You will retrieved the self-signed certificat issued by VMware. Open the properties of this certificate .
In the “Friendly Name” field, replace “vdm” by “vdm-old”. The Horizon connection server will check the friendly name field to find the proper certificate to used.
Now, import the new certificat from your mmc. Right click –> “All Tasks” –> “Import..”
Select your certificate and click on “Next”.
Move your certificate in the “Personnal” store and validate by “Next”.
Type the password for the private key and click on “Next”.
Click on “Finish”
Open the properties of the certificate that you just import.
In the “Friendly Name” field , type “vdm” and validate by clicking on “OK”.
Run the services.msc console and restart the “VMware Horizon View Connection Server” service
Et voila , log in to your Horizon View admin interface and check if your certificate is properly working.