Setting up SSL and Sun Ray Connector for VMware VDM
By mprove on Nov 13, 2008
[originally posted by Sarah Fortune 14-Nov-2008, Last updated 24-Feb-2009]
There is a problem with the certificate that comes with the VDM connector. The VDM server's certificate uses a
default host name, which won't match the actual host name, so the SSL authentication will fail.
You'll need to generate one with the correct value and import it into the connection broker.
Here's the full set of instructions for using SSL:
1. Using the Windows command prompt, create a new keystore containing a public‐private key pair (filling in the appropriate password and hostname).
keytool -genkey -keyalg RSA -keystore keys.p12 -storetype pkcs12 -storepass <keystore_pass> -dname "cn=<hostname>"
To configure the VDM Connection Server to use the new certificate:
1. Place the new certificate file, keys.p12, in the following location on each VDM Connection Server (standard, replica, or security server):
C:\Program Files\VMware\VMware VDM\Server\sslgateway\conf
2. Create or edit the following file on each server:
3. Add the following properties, using the password from the previous step.
4. Restart the VDM service.
Assuming your environment is configured to use SSL, a message like the following appears in the event log:
13:57:40,676 INFO <Thread-1> (NetHandler) Using SSL certificate store: keys.p12 with password of 6 characters
This message indicates that the configuration is in use.
(There are more details in the VDM Installation and Administration Guide under 'Installing SSL Certificates'.)
The new certificate needs to be downloaded from VDM and installed into the keystore on the Sun Ray server.
1. Save the certificate using a web browser.
To do this in Firefox, you need the Cert View Plus extension:
Open the VDM connection broker web interface.
When you are asked to accept the certificate, choose Examine Certificate and then Export.
Save the certificate to file.
Open the VDM connection broker web interface
In the security alert, choose View Certificate, open the Details tab, and then Copy to File, and follow the steps in the wizard.
2. Copy the certificate file to the Sun Ray server where the VDM connector is installed.
3. Install the certificate into the keystore for VDM with the following command:
keytool -import -file <VDM_certificate> -trustcacerts -v -keystore /etc/opt/SUNWkio/sessions/vdm/keystore
If you previously imported a certificate you will get the message:
'Certificate not imported, alias <mykey> already exists'.
It is safe to delete the old keystore and rerun the command.
4. Edit the file:
Change the following line, using the password from the previous step:
5. There is an error in the VDM kiosk session; it can be fixed with the following set of commands:
sed 's/trustStore=$javaKeyStorePass /trustStorePassword=$javaKeyStorePass /' /etc/opt/SUNWkio/sessions/vdm/vdm > /tmp/vdm
cp /tmp/vdm /etc/opt/SUNWkio/sessions/vdm/vdm
6. Restart any existing VDM connector kiosk sessions.
The VDM connector should now be able to correctly authenticate SSL connections to the VDM server.
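The step 5 fix as a re-runnable script, added here as an example and not part of the original post: it checks whether the session script still has the uncorrected option, patches it through a private mktemp file, and verifies the result before replacing the original. The function names and the sample line in demo are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# OLD/NEW are the two strings from the sed command in step 5.
OLD='trustStore=$javaKeyStorePass '
NEW='trustStorePassword=$javaKeyStorePass '

# needs_fix FILE: succeeds while FILE still contains the uncorrected option.
needs_fix() {
    grep -F -q -- "$OLD" "$1"
}

# apply_fix FILE: patch FILE in place, keeping FILE.orig; no-op once patched.
apply_fix() {
    file=$1
    needs_fix "$file" || return 0
    # Private temp file beside the script instead of a fixed name in /tmp.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    rc=1
    # Same substitution as step 5; \$ keeps the dollar sign literal.
    if sed 's/trustStore=\$javaKeyStorePass /trustStorePassword=$javaKeyStorePass /' \
            "$file" > "$tmp" &&
       grep -F -q -- "$NEW" "$tmp" && ! grep -F -q -- "$OLD" "$tmp"
    then
        # cat into the original keeps its owner and mode.
        cp -p "$file" "$file.orig" && cat "$tmp" > "$file" && rc=0
    fi
    rm -f "$tmp"
    return $rc
}

# demo: run the fix on a constructed sample line (the real script's
# contents are not shown on the page) and print the patched line.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'opts="-Djavax.net.ssl.trustStore=$javaKeyStore -Djavax.net.ssl.trustStore=$javaKeyStorePass "' > "$dir/vdm"
    apply_fix "$dir/vdm" && cat "$dir/vdm"
    status=$?
    rm -rf "$dir"
    return $status
}

demo
```

On the Sun Ray server the call would be apply_fix /etc/opt/SUNWkio/sessions/vdm/vdm, run as a user allowed to write that file.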