If the Windows Server host on which View Connection Server is installed does not trust the root certificate for the signed SSL server certificate, you must import the root certificate into the Windows local computer certificate store. In addition, if the View Connection Server host does not trust the root certificates of the SSL server certificates configured for security server, View Composer, and vCenter Server hosts, you also must import those root certificates.

If the View Connection Server, security server, View Composer, and vCenter Server certificates are signed by a root CA that is known and trusted by the View Connection Server host, and there are no intermediate certificates in your certificate chains, you can skip this task. Commonly used Certificate Authorities are likely to be trusted by the host.

Note

You do not have to import the root certificate into View Composer, vCenter Server, or security server hosts.

If a server certificate is signed by an intermediate CA, you also must import each intermediate certificate in the certificate chain. To simplify client configuration, import the entire intermediate chain to security server, View Composer, and vCenter Server hosts as well as View Connection Server hosts. If intermediate certificates are missing from a View Connection Server or security server host, they must be configured for View Clients and computers that launch View Administrator. If intermediate certificates are missing from a View Composer or vCenter Server host, they must be configured for each View Connection Server instance.

If you already verified that the entire certificate chain is imported into the Windows local computer certificate store, you can skip this task.

Note

If a SAML 2.0 authenticator is configured for use by a View Connection Server instance, the same guidelines apply to the SAML 2.0 authenticator. If the View Connection Server host does not trust the root certificate configured for a SAML 2.0 authenticator, or if the SAML 2.0 server certificate is signed by an intermediate CA, you must ensure that the certificate chain is imported into the Windows local computer certificate store.

1

In the MMC console on the Windows Server host, expand the Certificates (Local Computer) node and go to the Trusted Root Certification Authorities > Certificates folder.

If your root certificate is in this folder, and there are no intermediate certificates in your certificate chain, skip to step 7.

If your root certificate is not in this folder, proceed to step 2.

2

Right-click the Trusted Root Certification Authorities > Certificates folder and click All Tasks > Import.

3

In the Certificate Import wizard, click Next and browse to the location where the root CA certificate is stored.

4

Select the root CA certificate file and click Open.

5

Click Next, click Next, and click Finish.

6

If your server certificate was signed by an intermediate CA, import all intermediate certificates in the certificate chain into the Windows local computer certificate store.

a

Go to the Certificates (Local Computer) > Intermediate Certification Authorities > Certificates folder.

b

Repeat steps 3 through 6 for each intermediate certificate that must be imported.

7

Restart the View Connection Server service, Security Server service, View Composer service, or vCenter Server service to make your changes take effect.