By Gourav Bhardwaj with Matt Larson
While performing a Health Check on a customer’s VMware View 5.2 environment, one item that came up was to verify that the SSL certificate was configured appropriately. VMware recommends the replacement of self-signed certificates with certificates that are signed by a Certificate Authority.
When entering a new environment, or performing a health check, the most well-known approach to determining the certificate used by View Composer is using the sviconfig command referenced here, which is also used to replace the certificate. During the replacement process, the existing certificate will be listed. That being said, running this command requires stopping the Composer service. If there are any Composer downtime constraints; the following alternate process can be used to determine the current certificate.
In VMware Horizon View Administrator, you can determine whether the certificate is signed by a well-known certificate authority. In the case below, the certificate is self-signed.
Looking at the Certificates Management Console, multiple certificates are listed, but how do you know which one is in use?
To find which certificate is in use, check the registry to see the thumbprint of the certificate bound to the port used by Composer. Find this by navigating to \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters\SslBindingInfo\0.0.0.0:18443 key in the registry, and noting the SslCertHash.
Match the hash listed in the registry to the hash listed on one of the certificates listed in the Certificates Management Console. The match is the certificate currently used by Composer.
As seen in the console, this certificate is the self-signed certificate that was created during the Composer installation process. It is also expired. To change the certificate, follow the article listed earlier in reference to sviconfig.
Stay tuned for more posts about evaluating the health of the virtual desktop environment.
Gourav Bhardwaj is a VMware consulting architect who has created virtualized infrastructure designs across various verticals. He has assisted IT organizations of various Fortune 500 and Fortune 1000 companies, by creating designs and providing implementation oversight. His experience includes system architecture, analysis, solution design and implementation.
Matt Larson is an experienced, independent VMware consultant working in design, implementation and operation of VMware technologies. His interests lie in enterprise architecture related to datacenter and end user computing.