VM Desktop Virtualization -- Replacing the Connection Server self-signed certificate

Source: Internet
Author: User

Replacing the Connection Server's self-signed certificate using OpenSSL

A quote for each chapter:

People with too many excuses never succeed, and in the end are left only with sighs and regret. If you are afraid of everything, you will lose your life.

I. Install the following roles on the Windows Server AD server
1. IIS. The "IIS Client Certificate Mapping Authentication" and "Client Certificate Mapping Authentication" role services are required.
2. Active Directory Certificate Services. Select the "Certification Authority" and "Certification Authority Web Enrollment" role services.


II. Install OpenSSL

1. Win64 OpenSSL v1.0.1c
2. Visual C++ Redistributables (x64)

The second package generally comes already installed with 2008.

III. Running OpenSSL
1. Open CMD and change to the C:\OpenSSL-Win64\bin directory.
2. Run the command set OPENSSL_CONF=c:\openssl-win64\bin\openssl.cfg
3. Generate the key and CSR files as follows:


C:\openssl-win64\bin>openssl req -newkey rsa:2048 -keyout view-cs.key -nodes -days 3650 -out VIEW-CS.CSR
Loading 'screen' into random state - done
Generating a 2048 bit RSA private key
.......................+++
.............+++
writing new private key to 'view-cs.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:TW
State or Province Name (full name) [Some-State]:taiwan
Locality Name (eg, city) []:taipei
Organization Name (eg, company) [Internet Widgits Pty Ltd]:ntueees
Organizational Unit Name (eg, section) []:admin
Common Name (e.g. server FQDN or YOUR name) []:view.itrg.com (!! the FQDN of the Connection Server)
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:


4. Open the VIEW-CS.CSR that you just created and copy its contents to the Active Directory Certificate Services web page on the AD server, such as http://ca.itrg.com/certsrv/
5. Click "Request a certificate" -> "advanced certificate request" -> "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file".
6. Open the CERTIFICATE.CSR that you just created and copy its contents into the Base-64-encoded certificate request field. For the certificate template, select "Web Server".
7. Download the certificate in Base64 encoding to C:\OpenSSL-Win64\bin. The file is usually named certnew.cer.
8. In CMD, run the following command: openssl pkcs12 -export -in certnew.cer -inkey view-cs.key -name vdm -passout pass:yourpassword -out View-CS.pfx
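
Before importing the PFX in section IV, the files from steps 3 to 8 can be checked against each other. The script below is an added example, not part of the original article: it confirms that the key, the CSR and certnew.cer carry the same public key, that the certificate's Common Name is the Connection Server FQDN, and that the PFX opens and has the friendly name vdm. The function names and the PFX_PASS environment variable are assumptions of this example; reading the password through env: keeps it off the command line.

```shell
#!/bin/sh
# Added example (not from the original article): pre-import consistency checks
# for the files produced in section III. File names and "vdm" follow the page.

# Print the PEM public key inside a private key, CSR or certificate.
pubkey_of() {  # $1 = key|csr|cert, $2 = file
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac 2>/dev/null
}

# True when the certificate subject CN is exactly the expected FQDN.
cert_cn_is() {  # $1 = certificate, $2 = FQDN
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed 's/^subject= *//' | tr ',' '\n' | grep -Fxq "CN=$2"
}

# True when the PFX opens with the password held in $PFX_PASS (hypothetical
# variable name) and its certificate bag has the friendly name "vdm".
pfx_has_vdm_name() {  # $1 = pfx file
  openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys 2>/dev/null |
    grep -Eq 'friendlyName: vdm[[:space:]]*$'
}

# Run every check; returns 0 only if all of them pass.
check_view_files() {  # $1 = key, $2 = CSR, $3 = certificate, $4 = pfx, $5 = FQDN
  k=$(pubkey_of key "$1"); r=$(pubkey_of csr "$2"); c=$(pubkey_of cert "$3")
  [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ] ||
    { echo "FAIL: key, CSR and certificate do not share one public key"; return 1; }
  cert_cn_is "$3" "$5" ||
    { echo "FAIL: certificate subject CN is not $5"; return 1; }
  pfx_has_vdm_name "$4" ||
    { echo "FAIL: PFX unreadable or friendly name is not vdm"; return 1; }
  echo "OK: files are consistent for $5"
}

# Usage: PFX_PASS=... sh check.sh view-cs.key VIEW-CS.CSR certnew.cer View-CS.pfx view.itrg.com
if [ "$#" -eq 5 ]; then check_view_files "$@"; fi
```

A public-key mismatch at this stage usually means certnew.cer was issued for a different CSR than the one generated with view-cs.key.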


IV. Import the certificate
1. In CMD, run mmc.exe
2. "File" -> "Add/Remove Snap-in" -> "Certificates", then select "Computer account". Leave the other settings at their defaults.


3. In the console tree on the left side of MMC, click "Certificates (Local Computer)" -> "Personal".
4. On the right, right-click and choose "All Tasks" -> "Import", then select the .pfx file that you just created.


5. Enter the password for the key, tick "Mark this key as exportable", and click Next.

6. Select "Place all certificates in the following store", choose "Personal" as the certificate store, and click Next to finish.

Attention!! If the certificate displays a message that it is not trusted by the CA, do the following:

Log on to the certificate request page, for example: http://ca.itrg.com/certsrv/
Download the CA certificate or certificate chain and import the CA certificate into the Trusted Root Certification Authorities store: right-click the file and choose "Install Certificate", select "Place all certificates in the following store", click "Browse", choose "Trusted Root Certification Authorities", and finish.



7. Restart Connection Server
8. Log in to VMware View Administrator and check whether the Connection Servers entry under Dashboard turns green.


Attention!! The certificate replacement is now complete. From this point on, when a client logs in using SSL encryption, the address it enters must be the FQDN (fully qualified domain name) of the Connection Server. Make sure DNS resolution works.
