Request and install external certificate into VMware view

Here are the steps I used back in View 5.0 to request and install an external certificate into a VMware View Security server or connection broker.  Remember in order for the View client or web browser to be happy with the certificate we install three things need to match.  One the name you went to needs to be the same name on the certificate so if we went to the certificate needs to have this name; two, the expiration date needs to be valid and the most important three is the certificate needs to be trusted by the client device.  This guide will use a purchased certificate but for internal reasons you may want to use your own certificate authority.  The only problem with this is you will need to make all internal clients trust the certificate in order to suppress the error message.  For this reason I recommend if possible using the external name for the internal servers as well.  In order to do this you most likely will need to spoof the external name internally.  So for example if you point to on the outside world you would also want to point on internal DNS servers to the internal IP such as or something.  This may not work in all cases.

Here is the procedure i used:

Add keytool to System path all connection brokers


C:\Program Files\VMware\VMware View\Server\jre\bin

Created a working directory:

C:\>mkdir view-certificate

C:\>cd view-certificate


C:\view-certificate>keytool -genkey -keyalg “RSA” -keystore keys.p12 -storetype pkcs12 -validity 360 -keysize 2048

Enter keystore password:

Re-enter new password:

What is your first and last name?


What is the name of your organizational unit?


What is the name of your organization?

[Unknown]:  Your-org

What is the name of your City or Locality?

[Unknown]:  City

What is the name of your State or Province?

[Unknown]:  OH

What is the two-letter country code for this unit?

[Unknown]:  US

Is CN=vdi., OU=Unknown, O= Your-org, L=City,

ST=OH, C=US correct?

[no]:  yes


C:\view-certificate>keytool -certreq -keyalg “RSA” -file vdi-cert.csr -keystore

keys.p12 -storetype pkcs12 -storepass password

Now take your request and request a certificate from Verisign Go daddy etc:

Download the cert from wherever you requested it and open in internet explorer:

Do a certificate export as PKCS#7


C:\view-certificate>keytool -import -keystore keys.p12 -storetype pkcs12 -storepass password -keyalg “RSA” -trustcacerts -file vdi.

Certificate reply was installed in keystore

Copy the keys.p12 to:

C:\Program Files\VMware\VMware View\Server\sslgateway\conf

Create  file

Add these two lines:



Restart the connection server service

Copy Keystore directory to any other connection servers you will access by the same name and restart the services.

Here are the referances I used:

Followed this guide page 75:

and the following link (more helpful):


Leave a Reply




WordPress Appliance - Powered by TurnKey Linux