Tag Archives: EMC

How and why to replace the default VMware View Composer SSL certificate – Part 2

In Part 1 we went through all the steps needed to generate a new SSL certificate for View Composer. We were left with a file titled rui.pfx, which we need to import into our View Composer certificate store.

Step 1 – Import the certificate to the local certificate store

Open a MMC console, then from the File menu add the Certificates snap-in (Add/Remove Snap-in from the menu).

image

We need to manage the Computer account….:

image

For the Local computer:

image

Click Ok once you have added the snap-in.

Expand Personal – Certificates. You’ll see the default Composer SSL certificate there.

image

Right click on the Certificates folder and select All Tasks – Import.

image

Go through the wizard, selecting the rui.pfx file we previously copied to the server. You’ll need to change the file extension to Personal Information Exchange to see the file.

image

Click Next to move through the wizard.

The next decision is yours. If you mark the certificates as exportable you do open up a potential security risk as someone could come along and grab a full copy of the certificate. You already have a copy of the PFX file (which you will protect right?), so lets leave the settings at the default. Fill in the password we selected when generating the PFX file (testpassword) and click Next.

image

The destination store should already be what we want since we selected in in the beginning. If not, select Personal as shown and click Next then Finish. You will get a dialog box indicating that the action was successful.

image

Step 2 – Activate the certificate

From the View Management Console dashboard; note that our current View Composer certificate is untrusted but accepted (I accepted it during the initial configuration, prior to replacing the certificate):

image

Stop the VMware View Composer service.

From the command line, change into the View Composer install directory. It should be Program Files (x86)VMwareVMware View Composer.

Execute the command:

SviConfig.exe –operation=replacecertificate -delete=false

The delete=false leaves the default SSL certificate in place, so you can switch to it if you want.

Select the certificate you wish to activate. It should be obvious since if has the details you entered when generating the certificate request. We want certificate 1; press Enter to bind the certificate.

image

You should get confirmation:

image

Start the View Composer Service. Check the Composer Server event logs for any issues, but assuming that you followed the directions as indicated (known valid for View 5.1) Composer should be working as expected.

Go back to the View dashboard, hit refresh, and click on the View Composer Server again. The SSL Certificate should now show as valid.

image

You now have a trusted certificate on your View Composer Server, and a usable backup of the Composer Server SSL certificate (with private key).

Missing: the last 5 days. If found…..

Starting a new job is exciting, well it should be anyway. If you aren’t excited about it why would you have accepted the offer in the first place?

My first week at EMC was spent reading. Perhaps it is better described as an opportunity to learn what it is I don’t know, which is always more than you think. This is in no way a surprise or a source of frustration; I’ve come to realize that I work with some fairly unique (and highly skilled) individuals within the organization whose talents are in demand. The reading also helped prepare me to take an internal exam, which you must pass before you are given access to certain sources of technical information.

My immediate team is rather interesting. My team lead was at Cisco Live last week doing a variety of things EMC related and my coworker (peer if you will, although I wouldn’t use that term just yet) is going up to HQ (Hopkinton, MA) this coming week to perform a customer proof of concept demonstration. My purpose on the team is to be able to equal them as closely as is possible, and I can already tell you that it is going to be among the most challenging things that I have ever done in my career. My team is responsible for developing documents likethese, and I’ve been pouring over them and many like them as I’ll be expected to participate in exercises like that as soon as is possible.

Some things that have become obvious over the last week:

  1. If you paid any attention to the vSphere 5 launch this week and follow the top tech blogs you can’t help but notice that EMC employees that blog (particularly the vSpecialist team) were ready with article after article immediately after the launch. I use Google Reader (my feed list is linked in the left column of this page; EMC maintains a list here that is fairly accurate) and I was overwhelmed that day by post after post of analysis about the announcement. I don’t care if you like EMC or not; if you want timely analysis of virtualization news you should be following them.
  2. Hard work does pay off but luck never hurts. I busted my ass to get where I am today but it took an alignment of the planets to finally get me in the door at EMC. My advice to those who want in: network with employees (this is nothing new) and get to know recruiters (thank you LinkedIn). I had a very helpful recruiter who gave me some resume tips and then got that updated resume to who it needed to get to. I had applied to EMC at least seven previous times and I can assure you that getting an interview is not as easy as you would like. Oh and ifyou do interview and it went well BE PATIENT. Just trust me on that one.
  3. It is very cool to be among a very small number of people in the company who get to see or hear things first. I can’t really get into details but the fact that I got to learn something BEFORE people whose blogs I read religiously (and go to for news) is pretty exciting. For me it is just another reminder that much will be expected of me and that nothing less than 100% effort is going to cut it.
  4. When do all these people have time to write? It requires discipline that I do not yet have. Give me a few months though and I might be able to post some of that “Day 0″ news that is likely the biggest inspiration for them to author new posts. My closing thought: Great things lie ahead; I can’t wait.