Generate View 5.1 Certificates


This is the English version of my previous post as it may help many many people ;-)
So what you need is :
1 -A CA Server, in my case I installed the following role on a Windows 2008 R2 AD controler :
  • Certification Authority
  • Certification Authority Web Enrollment
2 – OpenSSL to create certificates, personal I mounted a Windows 2003 R2 32-bit using Win32 OpenSSL 1.0.1c (some have had problems with Win64 OpenSSL).

Once everything are ready  :
1 – We generate the private key and the .csr file: (a council type the following command : SET OPENSSL_CONF=C:\OpenSSL-Win32\bin\openssl.cfg)
# openssl.exe req -newkey rsa:2048 -keyout .key -nodes -days 3650 -out .csr
Like  :
Note: I don’t set anything for « Challenge password » or for « An optional company name » and be careful to put the fqdn of View Connection Server to the « Common Name »
2 -After editing the file .csr and makes a « copy » of its contents, connect to the server certificate using IE or Firefox (or what ever you want):
Select : « Advanced certificate request »
Select: « Submit a certificate request ….. »
Past the content of the .csr file  and select « Web Server » as template.
Retrieve the signed certificate and name it .crt (Select Base 64 encoded) :
Cop the file to C:\OpenSSL-Win32\bin\
Execute the following command :
# openssl.exe pkcs12 -export -in .crt -inkey .key -name vdm -passout pass:testpassword -out .pfx
Example :
Now copy the generated  .pfx file on the View Connection Server and :
Start mmc:
Add Snap-In « Certification »
Choose « Computer account » then « Local Computer »
Import .pfx certificate :
Type password (testpassword dans notre cas)
And then rename the « Friendly Name » of the previous certificate to what you want (vdmold in my case)
Now restart the « VMwareVDMDS » (Restarting this services will restart all View Services).
Now do the same thing for all View Connection Server, View Security Server, Composer (for this one there is no « Friendly Name »).
Note : I personally recommend to create and import certificates before installing View 5.1 ,like this it will use the signed certificate instead of creating one.

留言

張貼留言

這個網誌中的熱門文章

How to build PrivacyIdea HA with MySQL with master and master replication

1. Install PrivacyIdea on 1st Privacyidea Refer: https://www.youtube.com/watch?v=YzQPA3fQuYQ Add repository on Ubuntu #add-apt-repository ppa:privacyidea/privacyidea Update apt #apt-get update Check apt cache has privacyidea # apt-cache search privacyidea Install 2FA system. This is a meta package to install privacyidea with apache2 + MySql #apt-get install privacyidea-apache2 Create admin account and set password #pi-manage admin add admin admin@localhost Install 2FA FreeRadius  # apt-get install privacyidea-radius Install 2FA everything # apt-get install privacyidea-all 2. Install PrivacyIdea on 2nd Privacyidea  3. Setup Mysql master to master replication Refer: https://www.digitalocean.com/community/tutorials/how-to-set-up-mysql-master-master-replication ********************************************* Primary my.cnf bind-address            = xxx.xxx.xxx.xxx server-id            ...
閱讀完整內容

Update X710 firmware

Go to the below website and download the update utility. https://downloadcenter.intel.com/download/24769#help You will want the XL710_NVMUpdatePackage_v5_04_ESX.tar.gz Copy this onto a datastore accessible by the ESXi server and extract with the command  tar -zxvf  XL710_NVMUpdatePackage_v5_04_ESX.tar.gz [root@coloesx25:/vmfs/volumes/dd478478-16edd549/XL710/ESXi_x64] chmod 755 nvmupdate64e [root@coloesx25:/vmfs/volumes/dd478478-16edd549/XL710/ESXi_x64] ./nvmupdate64e Intel(R) Ethernet NVM Update Tool NVMUpdate version 1.26.17.11 Copyright (C) 2013 - 2016 Intel Corporation. WARNING: To avoid damage to your device, do not stop the update or reboot or power off the system during this update. Inventory in progress. Please wait [******+...] Num Description                            Device-Id B:D   Adapter Status === ====================================== ========= ===== ==...
閱讀完整內容

Align Windows disk in ESX

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2010.12.20 17:31:25 =~=~=~=~=~=~=~=~=~=~=~= vmware.log Win2k3_R2_SP2_Ent_x86.vmsd Win2k3_R2_SP2_Ent_x86-flat.vmdk Win2k3_R2_SP2_Ent_x86.vmx Win2k3_R2_SP2_Ent_x86.nvram Win2k3_R2_SP2_Ent_x86.vmxf Win2k3_R2_SP2_Ent_x86.vmdk [root@abvms01 Win2k3_R2_SP2_Ent_x86]# cat Win2k3_R2_SP2_Ent_x86.vmdk # Disk DescriptorFile version=1 encoding="UTF-8" CID=c36505a9 parentCID=ffffffff isNativeSnapshot="no" createType="vmfs" # Extent description RW 41943040 VMFS "Win2k3_R2_SP2_Ent_x86-flat.vmdk" # The Disk Data Base #DDB ddb.adapterType = "lsilogic" ddb.geometry.sectors = "63" ddb.geometry.heads = "255" ddb.geometry.cylinders = " 2610 " ddb.uuid = "60 00 C2 99 26 78 cc 6b-e3 18 d4 1d 61 a4 1d dd" ddb.longContentID = "7f28e4e9ec06d578dbe8508cc36505a9" ddb.virtualHWVersion = "7" [root@labvms01 Win2k3_R2_SP2_Ent_x86]# fdisk Win2k3_R...
閱讀完整內容