VMware Workspace 2.1: installing certificates
In this blog I will show you how to install certificates to secure your VMware Workspace 2.1. I will cover the internal certificates only but the procedure is the same for external certificates.
Let me start of with saying there are many very good references to be found how to do this on the earlier versions of Workspace, I’m just adding one more for the current one. Look at MyVirtualLife.net for instance if you need a good reference.
What do you need?
To start you will need to get you hands on openssl, go to openssl.org look for the binaries and follow the links. I used 1.0.1i light I think and it worked fine.
You also need a internal Certificate Authority to complete the certificate request and to provide the root certificate for you.
Having all that in place we go on the road.
Creating the files
So we got openssl, let’s create a certificate request, first of course we need to create a key to go with the certificate request.
The command for this is : openssl genrsa -out key.pem 2048
This creates a private key that we will need later on.
The file that is created is called key.pem, keep it safe.
The next step is to create the certificate request.
The command for that is: openssl req -out workspace.csr -key key.pem -new
You will be asked several questions here, the ones that you get when requesting a certificate. The main one is the common name, make sure you enter the FQDN of the workspace appliance there.
The file created is workspace.csr
After creating this car we open a browser, Internet Explorer, and browse to your internal Certificate authority. For me that is http://DC2012/certsrv.
Follow the usual steps to request a certificate – Request, Advanced request and select the webserver as the template.
Select Base64 and download the certificate, it will be called certnew.cer.
So now we have two file, certnew.cer and key.pem. Save them in one place for we will need them a bit later on. It might be a good idea to rename the certnew.cer to workspace.cer or workspace.pem for the root certificate coming later has the same name.
The last file we need is the root certificate for we need to add the complete chain into VMware Workspace to get it working. the root certificate is obtained for the same browser address as we went to before.
So browse there again and download the CA certificate or the whole chain depending on your setup of course.
The three files in place now are:
- Workspace.cer or pem
Time to have some fun with Workspace, let’s open up that browser again and enter the following address: https://FQDN workspace:8443/cfg and logon with the password you set with the installation. Go to Install Certificate and open the TAB “Terminate SSL on Workspace (appliance)”.
Copy the contents of workspace.cer/pem into the first box (removing the rest of course) and copy the contents of certnew.cer (the CA certificate) right below it.
Copy the contents of key.pem into the private key box and click on Save.
The appliance does a partial restart and your secure.
The process is fairly easy and much less work than with previous versions. I don’t think anyone can go wrong with this one.