Certificate change in VMware view or Horizon

I’ve recently changed the certificate for the one of the customers VMware view,I went through the KB article list in the public.I’ve added the certificate in the Certificate mmc but the license haven’t get change.For individual version you need to follow the steps mention below

When you receive updated server SSL certificates or intermediate certificates, you import the certificates into the Windows local computer certificate store on each View Connection Server, security server, or View Composer host.

Typically, server certificates expire after 12 months. Root and intermediate certificates expire after 5 or 10 years.

Procedure for VMware Horizon View 5.0

1 Copy the keystore file that contains your certificate to the SSL gateway configuration directory on the View Connection Server or security server host.

For example: install_directory\VMware\VMware View\Server\sslgateway\conf\keystore_file

keystore_file is the name of the keystore file.

For example, your keystore file might be keys.jks if you imported your certificate with the keytool utility.

Your keystore file might be keys.pfx if you have an existing PKCS#12 file or you exported an existing Microsoft IIS SSL server certificate.

2 Add the keyfile, keypass, and storetype properties to the locked.properties file in the SSL gateway configuration directory on the View Connection Server or security server host.

If the locked.properties file does not already exist, you must create it.

a Set the keyfile property to the name of your keystore file.

For example: keyfile=keys.jks or keyfile=keys.pfx

b Set the keypass property to the password for your keystore file.

For example: keypass=MY_PASS

c Set the storetype property to match the type of the keystore file.

 

Option Description
PKCS#12 or PFX file Set the value of storetype to pkcs12:

storetype=pkcs12

Java keystore file Set the value of storetype to jks:

storetype=jks

You must specify the storetype property for a Java keystore file.

3 Restart the View Connection Server service or Security Server service to make your changes take effect.

Procedure for VMware Horizon View 5.2 and 5.3 

1

 

Import the signed SSL server certificate into the Windows local computer certificate store on the Windows Server host.

a In the Certificate snap-in, import the server certificate into the Certificates (Local Computer) > Personal > Certificates folder.
b Select Mark this key as exportable.
c Click Next and click Finish.
2 For View Connection Server or security server, delete the certificate Friendly name, vdm, from the old certificate that was issued to the View server.

a Right-click the old certificate and click Properties
b On the General tab, delete the Friendly name text, vdm.
3 For View Connection Server or security server, add the certificate Friendly name, vdm, to the new certificate that is replacing the previous certificate.

a Right-click the new certificate and click Properties
b On the General tab, in the Friendly name field, type vdm.
c Click Apply and click OK.
4 For a server certificate that is issued to View Composer, run the SviConfig ReplaceCertificate utility to bind the new certificate to the port used by View Composer.

This utility replaces the old certificate binding with the new certificate binding.

a Stop the View Composer service.
b In a Windows command prompt, type the SviConfig ReplaceCertificate command. For example:

sviconfig -operation=ReplaceCertificate

-delete=false

The utility displays a numbered list of SSL certificates that are available in the Windows local computer certificate store.

c To select a certificate, type the number of the certificate and press Enter.
5 If intermediate certificates are issued to a View Connection Server, security server, or View Composer host, import the most recent update to the intermediate certificates into the Certificates (Local Computer) > Intermediate Certification Authorities Certificates folder in the Windows certificate store.
6 Restart the View Connection Server service, Security Server service, or View Composer service to make your changes take effect.

Procedure forVMware Horizon View 5.2 and above 

1 Stop the View Composer service.
2 Open a command prompt on the Windows Server host where View Composer is installed.
3 Navigate to the SviConfig executable file.

The file is located with the View Composer application. The default path is C:\Program Files (x86)\VMware\VMware View Composer\sviconfig.exe.

4 Type the SviConfig ReplaceCertificate command.

For example:

sviconfig -operation=ReplaceCertificate

-delete=false

where -delete is a required parameter that operates on the certificate that is being replaced. You must specify either -delete=true to delete the old certificate from the Windows local computer certificate store or -delete=false to keep the old certificate in the Windows certificate store.

The utility displays a numbered list of SSL certificates that are available in the Windows local computer certificate store.

5 To select a certificate, type the number of a certificate and press Enter.
6 Restart the View Composer service to make your changes take effect.

Example: SviConfig ReplaceCertificate

The following example replaces the certificate that is bound to the View Composer port:

sviconfig -operation=ReplaceCertificate

-delete=false

 

 

Reference  KB :

 

https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1008705

 

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s