Friday, December 23, 2011

Configuring SmartCard Authentication in VMware View 5 - Part 3

Export the Root Certificate on the Certificate Server

Navigate to start > run > en type mmc

Naviigate to File > and then to  Add/Remove Snap-In
Select Certificates and then to Computer Account


Navigeer naar Trusted Root Certification Authorities en dan naar Certificates


Right click add the certificate and click on All Tasks > Export

Click on the Next button




Click on the Next button
Click on the Browse button



Type C:\Root_Cert.cer and click on the Save button














Click on the OK button



Add the Root Certificate to the View Connection Server Truststore File


Navigate to Start > Run > CMD
Type the following command: cd/
Click on enter on your keyboard
Type the following comman: keytool -import -alias HDB-CA -file Root_Cert.cer -keystore truststorefile.key
Click on enter on your keyboard
Type the administrator password and pres enter on your keyboard



Type Yes en press enter on your keyboard
The file truststorefile.key is created on C:\ drive
Copy the file to C:\Program Files\VMware\VMware View\Server\sslgateway\conf
 Repeat this step on all VMware View Connection Servers


Changing the View Connection Server configuration


Navigate to the following directory: C:\Program Files\VMware\VMware View\Server\sslgateway\conf
Create a file with the following name: locked.properties
Edit the locked.properties file with Notepad and add the following text to it:
trustKeyfile=truststorefile.key
trustStoretype=JKS
useCertAuth=true

Save the locked.properties file

Restart the VMware View Connection Server service


Configure the SmartCard settings in VMware View Administrator

Start the View Administrator




























Navigate to View Configuration en go to Global Settings
Click on Edit
Place a marker by the option Require SSL for client connection and View Administrator and click on the OK button
Restart the VMware View Connection Server service
Start the View Administrator





Navigate to View Configuration and then to Servers


Select the connection server and click on Edit




Navigate to the Authentication tab




Select Smart card authentication Required
Select disconnect user sessions on smart card removal
Click on the OK button
Restart the VMware View Connection Server service


Add the Root Certificate to the Enterprise NTAuth Store on the Domain Controllers



Login on the domain controller
Copy the Root_Cert.cer file to the C:\ drive
Navigate to Start > Run > and type CMD and press enter on your keyboard






Type C:
Press enter on your keyboard
Type -dspublish -f C:\Root_Cert.cer NTAuthCA 
Press enter on your keyboard

Add Root Certificate to Trusted Root Certification Authorities in the Group PolicyStart group policy management
Right Click the Default Domain Policy
Click on Edit
Navigate to: Computer Configuration > Windows Settings > Security Settings > Public Key policies





Right Click and select Trusted Root Certification Authorities and click on Import
Click on Next
Select the exported Trusted Root certificate and click on Next





Click on the Open button
Click on the Next button
Click on the Next button
Click on the Finish button
Click on the OK button


No comments: