To obtain a signed certificate from a Windows Domain or Enterprise CA, you can use the Windows Certificate Enrollment wizard in the Windows Certificate Store.

This method of requesting a certificate is appropriate if communications between computers remain within your internal domain. For example, obtaining a signed certificate from a Windows Domain CA might be appropriate for server-to-server communications.

If your clients connect to View servers from an external network, request SSL server certificates that are signed by a trusted, third-party CA.

Determine the fully qualified domain name (FQDN) that client devices use to connect to the host.

To comply with VMware security recommendations, use the FQDN, not a simple server name or IP address, even for communications within your internal domain.

Verify that the Certificate snap-in was added to MMC. See Add the Certificate Snap-In to MMC.

Verify that you have the appropriate credentials to request a certificate that can be issued to a computer or service.

1

In the MMC window on the Windows Server host, expand the Certificates (local computer) node and select the Personal folder.

2

From the Action menu, go to All Tasks > Request New Certificate to display the Certificate Enrollment wizard.

3

Select a Certificate Enrollment Policy.

4

Select the types of certificates that you want to request, select the Make private key exportable option, and click Enroll.

5

Click Finish.

The new signed certificate is added to the Personal > Certificates folder in the Windows Certificate Store.

Verify that the server certificate and certificate chain were imported into the Windows Certificate Store.

For a View Connection Server instance or security server, modify the certificate friendly name to vdm. See Modify the Certificate Friendly Name.

For a View Composer server, bind the new certificate to the port that used by View Composer. See Bind a New SSL Certificate to the Port Used by View Composer.