If a vCenter Server or View Composer instance is configured with a certificate that is signed by a CA, and the root certificate is trusted by View Connection Server, you do not have to accept the certificate thumbprint. No action is required. If you replace a default certificate with a certificate that is signed by a CA, but View Connection Server does not trust the root certificate, you must.
Thank you all in advance. I am in the middle of standing up a VDI environment for 100 users. I have the one 2012R2 server VM configured and installed for the Connection Server. I have a second 2012R2 VM with SQL Express for the log database. I am in the process of building my first gold image.

The issue is that the self-signed cert on the connection server is being flagged.

My questions are:

1. Does it matter that it is a self-signed cert? I do not have a CA set up in the environment.
2. Is there any performance issue to using a self-signed cert, or do I need to get one from a commercial CA?

I've read many posts, including the post by Derek Seaman. I'm really confused on the whole certificate config, please help! Thank you.

Some of the common areas missed out include:

- To configure a View Connection Server instance or security server to recognize and use an SSL certificate, you must modify the certificate Friendly name to vdm.
- To import the root certificate and intermediate certificates into the Windows local computer certificate store. After all certificates in the chain are imported, you must restart the View Connection Server service or Security Server service to make your changes take effect.
- In the case of untrusted SSL, to import the signed SSL server certificate into the Windows Server host on which View Connection Server is installed, and the root certificate into the Windows local computer certificate store. If the View Connection Server host does not trust the root certificates of the SSL server certificates configured for security server, View Composer, and vCenter Server hosts, you also must import those root certificates.
- You also must accept a certificate thumbprint when you upgrade from an earlier View release to View 5.1 or later and a vCenter Server or View Composer certificate is untrusted, or if you replace a trusted certificate with an untrusted certificate.

Do also catch the tutorial for obtaining SSL certs.
It is a useful guide: 'Obtaining SSL Certificates for VMware View Servers'. Its contents:

- Obtaining SSL Certificates from a Certificate Authority
- Determining If This Document Applies to You
- Selecting the Correct Certificate Type
- Generating a Certificate Signing Request and Obtaining a Certificate with Microsoft Certreq
- Convert a Certificate File to PKCS#12 Format

I understand that by default, when you install View Connection Server or security server, the installation generates a self-signed certificate for the View server. It has the Friendly Name of "vdm" and this is what View uses as an identifier. Of course, you can also have another certificate issued by our Windows CA (or another CA). Eventually the one with 'vdm' is the one used. Importantly, the Common name needs to be the same as the FQDN. Typically, once you have verified and applied the SSL certificate to a View connection server, you will follow the same process for other connection servers, security server and the composer server.

In the case of the gold image, as each connection instance has a unique host, it seems you need a wildcard SSL cert instead.

Wildcard Certificate

A wildcard certificate is generated so that it can be used for multiple services. For example: *.company.com.

A wildcard is useful if many servers need a certificate. If other applications in your environment in addition to View need SSL certificates, you can use a wildcard certificate for those servers, too.

Note: You can use a wildcard certificate only on a single level of domain. For example, a wildcard certificate with the subject name *.company.com can be used for the subdomain dept.company.com but not dept.it.company.com.

This blog @ is using exactly the links you shared and following on to update the connection server. It then looks as the author advised.

On this step, you will pick the certificate template that we wish to use.
Again you could probably get by with the Web Server one that is built into the Windows CA, but using the VMware-SSL one created earlier off the post linked is the one I'll be using.

In reference to his first link to create the template, to check before going into his steps. I did not delve further, though, but it is the same link as in your posted question. Probably have to step back and retrace the steps over again to verify. Need to build a certificate template then, and need to fulfill the prerequisites before you can get to see the template, e.g.:

- When a Windows Server 2008-based CA is installed, a set of default certificate templates is assigned to the CA so that the CA is immediately able to issue certificates for those templates. This is inclusive of the Web server template. Note that these templates are installed in AD DS when an enterprise CA is installed.
- We will need certificates based on version 2 or version 3 templates, as they can be modified, compared to version 1. The newer versions can only be issued by an enterprise CA and require an Active Directory environment based on Windows Server 2003 or higher. Note that CAs installed on computers running Windows Server 2008 Standard and Windows Server 2003 Standard Edition support only version 1 templates.
- As stated in the article you shared, it also stated you may have problems with "standard" edition CAs prior to Windows Server 2012, as they lack some certificate features found in Enterprise or higher editions. Minimally, Windows Server 2012 standard edition has the full complement of certificate options (hence no need for Enterprise edition).
- Thereafter we can start to perform any of the tasks associated with creating a certificate template, and do note you must be logged on as a member of the Enterprise Admins group, a member of the forest root domain's Domain Admins group, or as a user who has been granted permission to perform the task.

The steps are shared in for the duplicate template.

Unless we cross the template issue, the rest of the previously shared article cannot be performed (yet).
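
A read-only check of the points raised in the replies above (Friendly Name vdm, a subject name that matches the server FQDN including the single-level wildcard rule, and a root the host trusts), as an added PowerShell example that is not part of the original thread. The helper name Test-NameCoversHost is hypothetical, and the script assumes PowerShell 4.0 or later run on the View Connection Server host.

```powershell
# Added example (not from the thread). Read-only audit of the certificate that
# View selects by Friendly Name "vdm" in the local computer Personal store.
# Assumes PowerShell 4.0+ and that DNS returns this host's FQDN.
$fqdn = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Hypothetical helper. Single-level wildcard rule: *.company.com covers
# dept.company.com, but not dept.it.company.com and not company.com itself.
function Test-NameCoversHost([string]$Name, [string]$HostName) {
    $n = $Name.ToLower(); $h = $HostName.ToLower()
    if ($n -eq $h) { return $true }
    if (-not $n.StartsWith('*.')) { return $false }
    $suffix = $n.Substring(1)                  # "*.company.com" -> ".company.com"
    if (-not $h.EndsWith($suffix)) { return $false }
    $label = $h.Substring(0, $h.Length - $suffix.Length)
    return ($label.Length -gt 0 -and -not $label.Contains('.'))
}

$vdm = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.FriendlyName -eq 'vdm' })
if ($vdm.Count -ne 1) {
    Write-Warning "Expected exactly one certificate with Friendly Name 'vdm', found $($vdm.Count)."
}

foreach ($cert in $vdm) {
    # Subject CN plus any DNS subject alternative names.
    $names = @($cert.GetNameInfo('SimpleName', $false)) +
             @($cert.DnsNameList | ForEach-Object { $_.Unicode })
    $names = @($names | Where-Object { $_ } | Select-Object -Unique)

    # Build the chain in machine context. Revocation checking is switched off
    # so the result reflects only whether the root and intermediates are trusted.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Names         = $names -join ', '
        MatchesFqdn   = (@($names | Where-Object { Test-NameCoversHost $_ $fqdn }).Count -gt 0)
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)
        HasPrivateKey = $cert.HasPrivateKey
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}
```

A self-signed certificate whose root is not in the Trusted Root store reports SelfSigned as True and ChainTrusted as False, with UntrustedRoot in ChainStatus.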