Here are the steps I used back in View 5.0 to request and install an external certificate on a VMware View security server or connection broker. Remember that for the View client or web browser to be happy with the certificate we install, three things need to match. One, the name you connected to needs to be the same as the name on the certificate, so if we went to vdi.mydomain.com the certificate needs to carry that name. Two, the expiration date needs to be valid. Three, and most important, the certificate needs to be trusted by the client device.

This guide uses a purchased certificate, but for internal reasons you may want to use your own certificate authority. The only problem with this is that you will need to make all internal clients trust the certificate in order to suppress the error message. For this reason I recommend, if possible, using the external name for the internal servers as well. To do this you will most likely need to spoof the external name internally. For example, if you point vdi.mydomain.com to 22.214.171.124 on the outside world, you would also point vdi.mydomain.com on the internal DNS servers to the internal IP, such as 192.168.1.5. This may not work in all cases.

Here is the procedure I used:
Add keytool to the system PATH on all connection brokers:
C:\Program Files\VMware\VMware View\Server\jre\bin
Created a working directory:
CREATE KEY STORE
C:\view-certificate>keytool -genkey -keyalg "RSA" -keystore keys.p12 -storetype pkcs12 -validity 360 -keysize 2048
Enter keystore password:
Re-enter new password:
What is your first and last name?
What is the name of your organizational unit?
What is the name of your organization?
What is the name of your City or Locality?
What is the name of your State or Province?
What is the two-letter country code for this unit?
Is CN=vdi.domainof-your-choice.com, OU=Unknown, O=Your-org, L=City, ST=OH, C=US correct?
CREATE KEY REQUEST
C:\view-certificate>keytool -certreq -keyalg "RSA" -file vdi-cert.csr -keystore keys.p12 -storetype pkcs12 -storepass password
Now take your request and use it to request a certificate from VeriSign, GoDaddy, etc.:
Download the cert from wherever you requested it and open it in Internet Explorer:
Do a certificate export as PKCS#7.
NOW IMPORT THE CERT INTO THE .P12
C:\view-certificate>keytool -import -keystore keys.p12 -storetype pkcs12 -storepass password -keyalg "RSA" -trustcacerts -file vdi.mydomain.com.p7b
Certificate reply was installed in keystore
Copy the keys.p12 to:
C:\Program Files\VMware\VMware View\Server\sslgateway\conf
Add these two lines:
Restart the connection server service.
Copy the keystore directory to any other connection servers that you will access by the same name, and restart their services.
Here are the references I used:
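To confirm the name and date conditions from the introduction once the service is back up, here is an added example (not part of the original post or of VMware's tooling). It checks a certificate in the dictionary format returned by Python's ssl getpeercert(); the function names and the SAMPLE data are constructed for illustration, and fetch_cert() covers the trust condition because the default context rejects an untrusted chain.

```python
import socket
import ssl

def name_matches(pattern, host):
    """Match one certificate DNS name against the name the client typed."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        # A wildcard covers exactly one left-most label: *.a.com matches x.a.com only.
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def check_cert(cert, host, now):
    """cert: dict shaped like ssl.SSLSocket.getpeercert(); now: epoch seconds."""
    problems = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    # RFC 6125 rule: use SAN DNS entries when present, subject CN only if none.
    names = sans or [v for rdn in cert.get("subject", ()) for k, v in rdn
                     if k == "commonName"]
    if not any(name_matches(n, host) for n in names):
        problems.append("name mismatch: certificate covers %s" % names)
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems

def fetch_cert(host, port=443):
    """Live check: the default context also verifies the chain against the
    local trust store and raises ssl.SSLCertVerificationError if untrusted."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE = {
    "subject": ((("commonName", "vdi.mydomain.com"),),),
    "subjectAltName": (("DNS", "vdi.mydomain.com"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 26 00:00:00 2024 GMT",
}

if __name__ == "__main__":
    mid_2024 = ssl.cert_time_to_seconds("Jun  1 00:00:00 2024 GMT")
    print(check_cert(SAMPLE, "vdi.mydomain.com", mid_2024))
    print(check_cert(SAMPLE, "broker01.mydomain.local", mid_2024))
```

Run fetch_cert() from both an internal and an external client against the same name to see whether the internal DNS override serves the same certificate.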
Followed this guide page 75:
and the following link (more helpful):