Starting with View 6.2 you can now deploy the VMware Access Point to access View externally. Security servers are still available, but this appliance brings some advantages over using the security server. You don't pair the appliance directly with a single connection server; it can be configured to use a load-balanced address, and it is a hardened Linux appliance.
VMware documentation can be found here
@cstalhood has a fantastic blog to set this up that can be found here
The following illustrates how to update the certificate. First download OpenSSL; I will be using Windows OpenSSL. I will be using the same certificate I was using on the security server, which I have exported as a .pfx. I need to convert it to a .pem file and also make sure the key is converted to RSA format. Run the following commands; my export is called export.pfx and my new converted file will be called accesspoint.pem. The -nodes option writes the private key to accesspoint.pem unencrypted, so the converted files need the same protection as the key itself.
openssl pkcs12 -in export.pfx -out accesspoint.pem -nodes
openssl rsa -in accesspoint.pem -out accesspoint.key
Open the file up in Notepad++. Notice the layout; we need to convert it to a single line. In Notepad++ choose Search - Replace and make sure Extended (\n, \r, \t, \0, \x..) is selected. If the EOL type is UNIX (check bottom right), find \n and replace with \\n. Once complete you will see the layout as one line.
To upload the certificate you need to use the REST API. I use Postman as a Chrome extension; find this under Chrome Apps.
Open Postman and change the Authentication to Basic Auth
Enter the below address and change the command to PUT
https://access-point-ip:9443/rest/v1/config/certs/ssl
Select Body - Raw - JSON (application/json).
Create a JSON request the same as the above screenshot and below. Replace string with the text out of the certificate files we created previously, and make sure this string remains in the brackets. The string for the private key MUST be followed by a comma, but the cert chain one does not require this.
{
"privateKeyPem": "string",
"certChainPem": "string"
}
Once entered select SEND
You should now see a status of 200 OK.
Now browse to https://access-point-fqdn and see if the cert has been applied successfully. The certificate should have the external hostname
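The Notepad++ find/replace and the hand-built JSON above can also be scripted. This is an added example, not part of the original post or VMware's tooling: it builds the body for the PUT to /rest/v1/config/certs/ssl from the two converted files, and the function names and sample PEM text are constructed for illustration. It assumes the chain should be sent in the order it appears in accesspoint.pem.

```python
import json
import re

# Any PEM block; group 1 is its type ("CERTIFICATE", "RSA PRIVATE KEY", ...).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n.*?\r?\n-----END \1-----", re.DOTALL)

def pem_blocks(text, kind):
    """Return the PEM blocks of one type with LF line endings. Text between
    blocks (the "Bag Attributes" lines openssl pkcs12 writes) is dropped."""
    return [m.group(0).replace("\r\n", "\n")
            for m in PEM_BLOCK.finditer(text) if m.group(1) == kind]

def build_cert_body(key_text, chain_text):
    """Build the one-line JSON body for PUT /rest/v1/config/certs/ssl."""
    keys = pem_blocks(key_text, "RSA PRIVATE KEY")
    certs = pem_blocks(chain_text, "CERTIFICATE")
    if len(keys) != 1:
        # A "BEGIN PRIVATE KEY" (PKCS#8) block lands here: the key has not
        # been converted to RSA format by the "openssl rsa" step.
        raise ValueError("expected one RSA PRIVATE KEY block, found %d" % len(keys))
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    # json.dumps writes each newline as the two characters \n, which replaces
    # the manual find/replace; certificate order is kept as in the file.
    return json.dumps({"privateKeyPem": keys[0] + "\n",
                       "certChainPem": "\n".join(certs) + "\n"})

# Constructed sample input: placeholder bodies, not real key material.
SAMPLE_CHAIN = (
    "Bag Attributes\r\n    friendlyName: constructed-sample\r\n"
    "-----BEGIN CERTIFICATE-----\r\nAAAALEAF\r\n-----END CERTIFICATE-----\r\n"
    "Bag Attributes: <No Attributes>\r\n"
    "-----BEGIN CERTIFICATE-----\r\nAAAAROOT\r\n-----END CERTIFICATE-----\r\n")
SAMPLE_KEY = ("-----BEGIN RSA PRIVATE KEY-----\nAAAAKEY0\n"
              "-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    print(build_cert_body(SAMPLE_KEY, SAMPLE_CHAIN))
```

With real files, pass the contents of accesspoint.key and accesspoint.pem and paste the printed line into the Postman body. OpenSSL 3.x writes a PKCS#8 "BEGIN PRIVATE KEY" block from openssl rsa unless -traditional is given, which the key check above reports.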
A simpler method is now available which is to just add these 3 lines to the PowerShell .INI file and rerun apdeploy.ps1.
[SSLCert]
pemCerts=accesspoint.pem
pemPrivKey=accesspoint.key
No need for pasting PEM format text into Notepad++, no need to replace newline characters and no need to use curl, postman or any REST API. apdeploy.ps1 takes about 2 minutes and Access Point is then production ready on first boot with all settings automatically set up.
See https://communities.vmware.com/docs/DOC-30835
Mark
Hey Mark,
Excellent thanks for the info!