VMware has made great strides in building documentation for View 4.5 compared to the VDI and View 3 days; however there is one spot where their documentation is lacking.  Most administrators want to make sure that if they build a SSL encrypted website, they can purchase a trusted certificate and install it without any major issues.  I spent the better part of a day trying to find out how to combine the VMware documentation with my hands-on experience to get a GoDaddy Cert on two View Connection Servers.  In this case, I did not add security servers, however after a little more testing I found out the process is the same.  For more info if you need it refer to the VMware View 4.5 Installation Guide (www.vmware.com/pdf/view45_installation_guide.pdf). So without further ado, here are the steps to get a SSL certificate installed on a set of View 4.5 Servers.

1. Add Keytool to the system Path.
a. Right-click on My Computer
b. On the Advanced tab, click Environment Variables.
c. In the System variables group, select Path and click Edit.
d. Type the path to the JRE directory in the Variable Value text box. Use a semicolon (;)
to separate each entry from other entries in the text box.
Example: C:Program FilesVMwareVMware ViewServerjrebin
          *If you changed your install path – change it here also
2. Generate a keystore
a. Open a command prompt and go to the root of C:
b. Type:
“keytool -genkey -keyalg “RSA” –keysize 2048 -keystore keys.p12 -storetype pkcs12 -validity 360
Note the added keysize argument. This is needed for GoDaddy and most Trusted providers
c. When asked for a password, make sure you write it down, you will need it later
d. When keytool prompts you for your first and last name, type the fully qualified domain name (FQDN)
that client computers use to connect to the host. (i.e view.yourcompany.com)
This should be your load balanced FQDN not the individual servers. VERY
IMPORTANT STEP!
3. Configure the View Connection Server for the self signed cert
a. Copy c:keys.p12 to the SSLGateway configuration directory
For example: install_directoryVMwareVMware ViewServersslgatewayconf
Only copy the file since you will need it to create the csr it is easier on the root of c:
b. Create a file called locked.properties (Make sure you save it as a .properties file not .txt)
c. Edit the file with notepad and add the following lines
keyfile=keys.p12
keypass=”The password you set when creating the keystore” (i.e. keypass=p@ssw0rd)
d. Restart the View Connection Server service. This will restart a few services include the web
services so be a little patient. You will now have a self-signed certificate.
The next part is to get a certificate from GoDaddy and install it.
4. Create a CSR
a. Open a command prompt and go to the root of C:
b. Type:
“keytool -certreq -keyalg “RSA” -file certificate.csr –keystore keys.p12 – storetype pkcs12 –storepass secret”
Replace the word secret with the password you set earlier.
c. A new file will be created c:certificate.csr
5. Get a Signed Certificate
a. Open c:certificate.csr with a text editor
b. Copy all of the text from the .csr into the GoDaddy website. It should look like the graphic below
c. Once you have copied this into GoDaddy and processed the Cert you will need to download the cert.
Choose to download the cert for Tomcat.
d. Unzip the file and open the certificate named for your domain

6. Create a file to add to the keystore

a. Click on the details tab and click Copy to file
b. The Certificate Export wizard appears
c. Specify PKCS#7 format, include all certificates in the certification path, and
then click next.
d. Specify a filename and click Next.
e. Click Finish to export the file in PKCS#7 format.
7. Import the file into the keystore
a. Open a command prompt and go to the root of C:
b. Type:
“keytool -import -keystore keys.p12 -storetype pkcs12 -storepass secret -keyalg “RSA” -trustcacerts -file certificate.p7”
Replace secret with your password. Your file may also be .p7b so if it is change the line above to reflect that.
c. Copy c:keys.p12 to the SSLGateway configuration directory
For example: install_directoryVMwareVMware ViewServersslgatewayconf
d. Restart the View Connection Server service
To add the certificate to the second View Connection Broker simply copy the keys.p12 and locked.properties file to the SSLgateway directory on the second server and restart the View Connection Server Service.
Once you have this all set you should be able to look at your standard web browser and see your great new certificate.  Good luck and hopefully this was helpful to others out there.