You must follow certain guidelines for configuring SSL certificates for View servers and related components.

SSL is required for View Client connections to View. Client-facing View Connection Server instances, security servers, and intermediate servers that terminate SSL connections require SSL server certificates.

By default, when you install View Connection Server or security server, the installation generates a self-signed certificate for the View server. However, the installation uses an existing certificate in the following cases:

If a valid certificate with a Friendly name of vdm already exists in the Windows Certificate Store

If you upgrade to View 5.1 or later from an earlier release, and a valid keystore file is configured on the Windows Server computer. The installation extracts the keys and certificates and imports them into the Windows Certificate Store.

Before you add vCenter Server and View Composer to View Manager in a production environment, make sure that vCenter Server and View Composer use certificates that are signed by a CA.

For information about replacing the default certificate for vCenter Server, see the vSphere Examples and Scenarios document.

If you install vCenter Server and View Composer on the same Windows Server host, they can use the same SSL certificate, but you must configure the certificate separately for each component.

You do not have to configure SSL certificates for View Transfer Server if you are installing View 5.1 or later.

A default, self-signed certificate is installed with View Transfer Server that View Connection Server uses to handle secondary connections to View Clients. See View Transfer Server and SSL Certificates.

For general information about requesting and using SSL certificates that are signed by a CA, see Benefits of Using SSL Certificates Signed by a CA.

When View Clients connect to a View Connection Server instance or security server, they are presented with the View server's SSL server certificate and any intermediate certificates in the trust chain. To trust the server certificate, the client systems must have installed the root certificate of the signing CA.

When View Connection Server communicates with vCenter Server and View Composer, View Connection Server is presented with SSL server certificates and intermediate certificates from these servers. To trust the vCenter Server and View Composer servers, the View Connection Server computer must have installed the root certificate of the signing CA.