In Part 1 we went through all the steps needed to generate a new SSL certificate for View Composer. We were left with a file titled rui.pfx, which we need to import into our View Composer certificate store.
Step 1 – Import the certificate to the local certificate store
Open a MMC console, then from the File menu add the Certificates snap-in (Add/Remove Snap-in from the menu).
We need to manage the Computer account….:
For the Local computer:
Click Ok once you have added the snap-in.
Expand Personal – Certificates. You’ll see the default Composer SSL certificate there.
Right click on the Certificates folder and select All Tasks – Import.
Go through the wizard, selecting the rui.pfx file we previously copied to the server. You’ll need to change the file extension to Personal Information Exchange to see the file.
Click Next to move through the wizard.
The next decision is yours. If you mark the certificates as exportable you do open up a potential security risk as someone could come along and grab a full copy of the certificate. You already have a copy of the PFX file (which you will protect right?), so lets leave the settings at the default. Fill in the password we selected when generating the PFX file (testpassword) and click Next.
The destination store should already be what we want since we selected in in the beginning. If not, select Personal as shown and click Next then Finish. You will get a dialog box indicating that the action was successful.
Step 2 – Activate the certificate
From the View Management Console dashboard; note that our current View Composer certificate is untrusted but accepted (I accepted it during the initial configuration, prior to replacing the certificate):
Stop the VMware View Composer service.
From the command line, change into the View Composer install directory. It should be \Program Files (x86)\VMware\VMware View Composer.
Execute the command:
SviConfig.exe –operation=replacecertificate -delete=false
The delete=false leaves the default SSL certificate in place, so you can switch to it if you want.
Select the certificate you wish to activate. It should be obvious since if has the details you entered when generating the certificate request. We want certificate 1; press Enter to bind the certificate.
You should get confirmation:
Start the View Composer Service. Check the Composer Server event logs for any issues, but assuming that you followed the directions as indicated (known valid for View 5.1) Composer should be working as expected.
Go back to the View dashboard, hit refresh, and click on the View Composer Server again. The SSL Certificate should now show as valid.
You now have a trusted certificate on your View Composer Server, and a usable backup of the Composer Server SSL certificate (with private key).
