You can configure SSL certificates for authentication of View Connection Server instances, security servers, and View Transfer Server instances.

A default SSL server certificate is generated when you install View Connection Server instances, security servers, or View Transfer Server instances. You can use the default certificate for testing purposes.

Important

Replace the default certificate as soon as possible. The default certificate is not signed by a Certificate Authority (CA). Use of certificates that are not signed by a CA can allow untrusted parties to intercept traffic by masquerading as your server.

View Connection Server instances, security servers, load balancers, and View Transfer Server instances require an SSL server certificate if they receive SSL connections.

If you enable SSL for client connections, client-facing View Connection Server instances, security servers, and load balancers that terminate SSL connections require an SSL server certificate.

If you enable the secure tunnel on a View Connection Server instance or security server, you must install an SSL server certificate on that server. Even if you use a load balancer to terminate SSL connections, View Client makes a second HTTPS connection to the View Connection Server or security server host on which you enabled the secure tunnel.

If you enable SSL for local mode operations and desktop provisioning, View Transfer Server instances require an SSL server certificate.

If you configure smart card authentication in VMware View, client-facing View Connection Server instances and security servers require a root CA certificate in addition to an SSL server certificate.

You can request an SSL server certificate that is specific to a web domain such as www.mycorp.com, or you can request a wildcard SSL server certificate that can be used throughout a domain such as *.mycorp.com. To simplify administration, you might choose to request a wildcard certificate if you need to install the certificate on multiple servers or in different subdomains. It is more usual to use domain-specific certificates in secure installations, and CAs usually guarantee more protection against losses for domain-specific certificates than for wildcard certificates. If you use a wildcard certificate, you need to ensure that the private key is transferrable between servers.

When you replace the default certificate with your own certificate, clients use your certificate to authenticate the server. If your certificate is signed by a CA, the certificate for the CA itself is typically embedded in the browser or is located in a trusted database that the client can access. After a client accepts the certificate, it responds by sending a secret key, which is encrypted with the public key contained in the certificate. The secret key is used to encrypt traffic between the client and the server.

You follow different procedures to configure certificates for use with View Connection Server and security server than you do for View Transfer Server. In addition, you can configure different levels of SSL security checking in View Client for Windows.