To obtain a signed certificate from a CA, you must use keytool to generate a keystore file and a certificate signing request (CSR) file. For testing purposes, you can obtain a free temporary certificate based on an untrusted root from many CAs.

Determine the fully qualified domain name (FQDN) that client computers use to connect to the host.

1. Open a command prompt and use keytool to create a keystore file.

For example: keytool -genkeypair -keyalg "RSA" -keysize 2048 -keystore keys.jks -storepass secret

If you are going to import an intermediate certificate into the keystore file, you must specify a Java keystore file such as keys.jks.

2. When keytool prompts you for your first and last name, type the fully qualified domain name (FQDN) that client computers use to connect to the host.

Option: View Connection Server instance
Action: Type the FQDN of the View Connection Server host if you have one View Connection Server instance. Type the FQDN of the load balancer host if you use load balancing.

Option: Security server
Action: Type the FQDN of the security server host.

Important: If you type your name, the certificate will be invalid.

keytool creates the keystore file in the current directory.

3. Use keytool to create a CSR file with a name such as certificate.csr.

For example: keytool -certreq -file certificate.csr -keystore keys.jks -storepass secret

keytool creates the CSR file in the same directory as the keystore file.

4. Send the CSR file to the CA in accordance with the CA's enrollment process and request a certificate.

After conducting some checks on your company, the CA signs your request, encrypts it with a private key, and sends you a validated certificate.
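
The keystore and CSR steps above as one non-interactive script for a POSIX shell (an added example, not part of the original documentation). It supplies the FQDN through -dname instead of the name prompt, refuses a value that is not a host name, and checks the subject stored in the keystore before the CSR goes to the CA. The STOREPASS variable, the function names and the host name view.example.com are assumptions of this example.

```shell
#!/bin/sh
# Added example. keys.jks and certificate.csr are the page's example names;
# STOREPASS is read from the environment (assumption of this example).
KEYSTORE=${KEYSTORE:-keys.jks}
CSR=${CSR:-certificate.csr}

# Succeeds only for a dotted host name; rejects a personal name or a bare host.
is_fqdn() {
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Distinguished name given to keytool; CN is what the "first and last name"
# prompt would otherwise fill in.
subject_dname() {
    printf 'CN=%s' "$1"
}

make_csr() {
    fqdn=$1
    is_fqdn "$fqdn" || { echo "not an FQDN: $fqdn" >&2; return 1; }
    [ -n "${STOREPASS:-}" ] || { echo "set STOREPASS first" >&2; return 1; }
    [ ! -e "$KEYSTORE" ] || { echo "$KEYSTORE already exists" >&2; return 1; }
    umask 077   # the keystore holds the private key; keep it owner-only

    keytool -genkeypair -keyalg "RSA" -keysize 2048 \
        -dname "$(subject_dname "$fqdn")" \
        -keystore "$KEYSTORE" -storepass "$STOREPASS" -keypass "$STOREPASS" ||
        return 1

    keytool -certreq -file "$CSR" \
        -keystore "$KEYSTORE" -storepass "$STOREPASS" || return 1

    # Confirm the stored subject (English-locale keytool output) before
    # sending the CSR to the CA.
    keytool -list -v -keystore "$KEYSTORE" -storepass "$STOREPASS" |
        grep -F "Owner: $(subject_dname "$fqdn")" >/dev/null ||
        { echo "keystore subject is not $fqdn" >&2; return 1; }
    echo "CSR written to $CSR for $fqdn"
}

# Run only when a host name is given, e.g.: sh make-csr.sh view.example.com
if [ "$#" -gt 0 ]; then
    make_csr "$1"
fi
```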

If your View Connection Server instance or security server does not trust the root certificate for your server certificate, import the root certificate into your keystore file before you import the server certificate. See Import a Root Certificate into a Keystore File.

If your server certificate is signed by an intermediate CA, import the intermediate certificate into your keystore file. See Import an Intermediate Certificate into a Keystore File.

If you downloaded a server certificate, import it into your keystore file. See Import a Signed Server Certificate into a Keystore File.