1.) The first thing we need to do on the View Security Gateway server is to modify the Path environment variable to include the path to keytool. Keytool is the tool VMware uses to create, import, and modify certificates.
- Right click My Computer and select Properties
- Choose Advanced System Settings
- Click on Environment Variables
- Under System Variables, select Path and choose Edit
- Put a ; after the last entry, then add install_directory\VMware\VMware View\Server\jre\bin
- Click Ok 3 times
3.) Run the following command to create a key
- keytool -genkey -keyalg "RSA" -keystore keys.p12 -storetype pkcs12 -validity 360 -keysize 2048
- When prompted, create a password for the new key file
- When prompted for your first and last name, enter the external DNS name that will be used to access the View Security Gateway
- Continue by entering your OU, City, State, Country
- keytool -certreq -file filename.csr -keystore keys.p12 -storetype pkcs12 -storepass password (from step 3)
6.) Once you have the new cert from the CA, you will need to convert the cert to a p7b file. This is where I ran into some issues. I had to do this on an XP machine, then copy the p7b file to my 2008 server...my server wouldn't recognize the cert path when I tried to do this...even after importing the root and intermediate certs...weird
- Open the cer file and click on the Details Tab
- Click Copy to file
- Click Next
- Select Cryptographic Message Syntax Standard - PKCS #7 Certificates (p7b)
- Also select Include all certificates in the certification path
- Give the file a name and save it
- Copy the file to your server
- keytool -import -keystore keys.p12 -storetype pkcs12 -storepass password -keyalg "RSA" -trustcacerts -file filename.p7b
- You should receive a message stating "Certificate reply was installed in keystore"
9.) Create a file called locked.properties
10.) Open locked.properties with a text editor and add the following lines
- keyfile=keys.p12
- keypass=password
12.) You should be all set now.
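A post-import check for the steps above, added here as an example and not part of the original post: it confirms that keys.p12 holds a private-key entry whose chain was issued by the CA rather than still being self-signed, then restricts read access to locked.properties and keys.p12, since keypass sits in locked.properties in clear text. The file paths are placeholders, and it assumes English keytool output, a keystore with a single entry, and a service running as Local System.

```powershell
# Added example, not from the original post. Paths are placeholders: point them at
# the keys.p12 created in step 3 and the locked.properties created in step 9.
$keystore  = 'C:\path\to\keys.p12'
$propsFile = 'C:\path\to\locked.properties'
$storepass = Read-Host 'Keystore password'

# keytool is on PATH after step 1; -list -v prints each entry with its certificate chain.
$out = & keytool -list -v -keystore $keystore -storetype pkcs12 -storepass $storepass
if ($LASTEXITCODE -ne 0) { throw 'keytool could not open the keystore (wrong path or password?)' }

# The first Owner/Issuer pair in the listing belongs to Certificate[1], the server certificate.
$isKeyEntry = $false; $chainLen = 0; $owner = $null; $issuer = $null
foreach ($line in $out) {
    if     ($line -match '^Entry type:\s*PrivateKeyEntry')     { $isKeyEntry = $true }
    elseif ($line -match '^Certificate chain length:\s*(\d+)') { $chainLen = [int]$Matches[1] }
    elseif (-not $owner  -and $line -match '^Owner:\s*(.+)$')  { $owner  = $Matches[1].Trim() }
    elseif (-not $issuer -and $line -match '^Issuer:\s*(.+)$') { $issuer = $Matches[1].Trim() }
}

$problems = @()
if (-not $isKeyEntry)   { $problems += 'no PrivateKeyEntry, the CA reply is not attached to the private key' }
if ($chainLen -lt 2)    { $problems += "chain length is ${chainLen}, issuing CA certificates are missing" }
if ($owner -eq $issuer) { $problems += 'server certificate is still self-signed (Owner equals Issuer)' }
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
Write-Host "OK: ${owner}, chain of ${chainLen} certificates"

# Drop inherited permissions and leave only SYSTEM (assumed service account) and
# Administrators, so ordinary users cannot read the password or copy the private key.
& icacls $propsFile /inheritance:r /grant:r 'SYSTEM:(R)' 'Administrators:(F)'
& icacls $keystore  /inheritance:r /grant:r 'SYSTEM:(R)' 'Administrators:(F)'
```

If the service runs under a different account, grant that account read access instead of SYSTEM before restarting it.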
Yeahhh this is working!!! but how could you get another page with the user logged into the website... for example the account page of the user.