[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Certificate and VMware View 4.6

Posted on 2011-05-09
12
Medium Priority
?
1,486 Views
Last Modified: 2012-05-11
I am attempting to import a certificate into VMware View on the security server.  I've attempted to use both a .crt and a .p7b

The .crt was exported a a .p7b since Register.com doesn't include it in a Tomcat certificate purchase.  Any assistance would be greatly appreciated.

Commands and error messages:


C:\Program Files\VMware\VMware View\Server\jre\bin>keytool -import -keystore dem
o.p12 -storetype pkcs12 -alias tomcat -storepass xxxxxxx -keyalg "RSA" -trustca
certs -file c:\certs\certificate.crt
Owner: CN=sub.domain.com, OU=PositiveSSL, OU=Hosted by Register.com, OU=Domain
Control Validated
Issuer: CN=Register.com CA SSL Services (DV), O=Register.com, C=US
Serial number: xxxxxxxxxxxxxxxxx
Valid from: Thu May 05 18:00:00 MDT 2011 until: Sat May 05 17:59:59 MDT 2012
Certificate fingerprints:
         MD5:  xxxxxxxxxxx
         SHA1: xxxxxxxxxxx
         Signature algorithm name: SHA1withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 80 CA 54 40 A1 34 B1 EE   54 7F D9 86 58 0B F6 1B  ..T@.4..T...X...
0010: A9 DF 32 2A                                        ..2*
]
]

#4: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: 1.3.6.1.5.5.7.48.2
   accessLocation: URIName: http://crt.register.com/RegistercomSSLServicesCADV.c
rt,
   accessMethod: 1.3.6.1.5.5.7.48.1
   accessLocation: URIName: http://ocsp.register.com]
]

#5: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.register.com/RegistercomSSLServicesCADV.crl]
]]

#6: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.3.6.1.4.1.6449.1.2.2.24]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 32 68 74 74 70 3A 2F   2F 63 61 2E 72 65 67 69  .2http://c
a.regi
0010: 73 74 65 72 2E 63 6F 6D   2F 72 65 70 6F 73 69 74  ster.com/reposit
0020: 6F 72 79 2F 52 65 67 69   73 74 65 72 5F 43 50 53  ory/Register_CPS
0030: 2E 70 64 66                                        .pdf

]]  ]
]

#7: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

#8: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 96 36 9B F8 D6 E5 B3 68   4A 70 7A 7A 72 8D D3 6E  .6.....hJpzzr..n
0010: 2C 0B B9 31                                        ,..1
]

]

#9: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: sub.domain.com
  DNSName: www.sub.domain.com
]

Trust this certificate? [no]:  yes
keytool error: java.security.KeyStoreException: TrustedCertEntry not supported



C:\Program Files\VMware\VMware View\Server\jre\bin>keytool -import -keystore dem
o.p12 -storetype pkcs12 -alias tomcat -storepass xxxxxxx -keyalg "RSA" -trustca
certs -file c:\certs\demo.p7b
keytool error: java.lang.Exception: Input not an X.509 certificate

C:\Program Files\VMware\VMware View\Server\jre\bin>
0
Comment
Question by:jjl505
  • 7
  • 5
12 Comments
 
LVL 124
ID: 35720641
Guidelines for generating and importing an SSL certificate for the View Connection Server

http://kb.vmware.com/kb/1008705 
0
 

Author Comment

by:jjl505
ID: 35720734
Thank you for the response.  This is the method that I used to create the request and import the cert.  Errors above are the result.
0
 
LVL 124
ID: 35720771

Have you obtained a Signed Certificate from a CA?
0
Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

 

Author Comment

by:jjl505
ID: 35720785
Yes.  As stated above the certificate was provided by Register.com.  Issued as a Tomcat certicate.
0
 
LVL 124
ID: 35720818
is your certificate.crt a valid p7 cert?

you could also try dropping the alias switch
0
 
LVL 124
ID: 35720836
did you send the CSR to Register.com?
0
 
LVL 124
ID: 35720853
do they provide PKCS#12 or PKCS#7 format?
0
 

Accepted Solution

by:
jjl505 earned 0 total points
ID: 35720902
'The .crt was exported a a .p7b since Register.com doesn't include it in a Tomcat certificate purchase.'

A CSR was indeed submitted to Register.com and I did indeed recieve a set of CRT files.  Register.com did not provide the certicates in any other format other than CRT.

I used the method below to convert the CRT file to a P7B.

To convert a PKCS#12 certificate to PKCS#7 format:

i.Open the certificate file in Internet Explorer.

ii.In the Details tab, click Copy to File. The Certificate Export wizard appears.
iii.Specify PKCS#7 format, include all certificates in the certification path, and then click Next.
iv.Specify a filename and click Next.
v.Click Finish to export the file in PKCS#7 format. The file is saved with a .P7B extension.

0
 
LVL 124
ID: 35720938
try opening certicate store using mmc, and then export certificate with private key.
0
 
LVL 124
ID: 35738678
Have you been able to deploy a Win 7 full clone using the normal clone/customization sequence in vCenter Server?
0
 

Author Closing Comment

by:jjl505
ID: 37260955
Thank you
0
 

Author Comment

by:jjl505
ID: 37234636
I appreciate all the input
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I will show you HOW TO: Install VMware Tools for Windows on a VMware Windows virtual machine on a VMware vSphere Hypervisor 6.5 (ESXi 6.5) Host Server, using the VMware Host Client. The virtual machine has Windows Server 2016 instal…
In this article will go through how to backup a vPostgres DB from a broken vCenter Appliance and restore to a new vCenter Appliance.
Teach the user how to configure vSphere clusters to support the VMware FT feature Open vSphere Web Client: Verify vSphere HA is enabled: Verify netowrking for vMotion and FT Logging is in place or create it: Turn On FT for a virtual machine: Verify …
Teach the user how to join ESXi hosts to Active Directory domains Open vSphere Client: Join ESXi host to AD domain: Verify ESXi computer account in AD: Configure permissions for domain user in ESXi: Test domain user login to ESXi host:
Suggested Courses

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question