If you obtained a certificate and its private key in PEM or another format, you must convert it to PKCS#12 (PFX) format before you can import the certificate into a Windows certificate store on a View server host.

You might obtain a certificate keystore file from a CA, or your organization might provide you with certificate files, in various formats. For example, your certificates might be in PEM format, which is often used in a Linux environment. Your files might have a certificate file, key file, and CSR file with the following extensions:


The CRT file contains the SSL certificate that was returned by the CA. The CSR file is the original certificate signing request file and is not needed. The KEY file contains the private key.

Verify that OpenSSL is installed on the system. You can download openssl from http://www.openssl.org. To run openssl from any directory on the system, see Add openssl to the System Path.

Generate a PKCS#12 (PFX) keystore file from the certificate file and your private key.

For example: openssl pkcs12 -export -out server.p12 -inkey server.key -in server.crt -certfile CACert.crt

In this example, CACert.crt is the name of the root certificate that was returned by the certificate authority.

You can also generate a keystore with a PFX extension. For example: -out server.pfx

Import the certificate into the Windows local computer certificate store on the View server host. See "Configure View Connection Server, Security Server, or View Composer to Use a New SSL Certificate" in the VMware Horizon View Installation document.