Setup the default VMware vCenter server certificate in XenApp
To avoid getting the error message that I’ve put in here, I wanted to help out with an article to help aid the setup process of integrating Citrix XenDesktop or XenApp with VMware vSphere and vCenter. This Guide will show you how to integrate and setup the Hosting Connection from Citrix XenDesktop/XenApp 7.7 and VMware vSphere 6.x.
This is not the first and probably not the last blog post about how to setup Citrix Studio to communicate with VMware vCenter, in order to automate and manage XenApp or XenDesktop machines. This guide will let you use VMware to provide virtual machines.
- I assume you have Installed and configured your VMware vSphere 6.0 hypervisor.
- I assume you have an account that you can authenticate and use with AD.
- Also, have an AD account ready, to use when setting up Citrix Studio with vCenter.
Install vCenter Server and the appropriate management tools. (Please note that Citrix offers no support vSphere vCenter Linked Mode operation.) - Next, you need to create a VMware user account with minimum DataCenter level. (please refere to the citrix edocs for more info)
The account will be used to create new VMs and to communicate with vCenter.
Obtain and import a certificate
In order to get Citrix Studio to work with vSphere we need to get the certificate off the vCenter Server. This is because we need to protect vSphere communications between Citrix and vSphere. Citrix recommends that you use HTTPS rather than HTTP.
Please note that You can use the VMware-installed self-signed certificate.
Add the VMware vCenter certificate to each Controller. Follow this procedure:
Add the fully qualified domain name (FQDN) of the computer running vCenter Server to the hosts file on that server, located at %SystemRoot%/WINDOWS/system32/Drivers/etc/. This step is required only if the FQDN of the computer running vCenter Server is not already present in the domain name system.
- There are several methods you can use to obtain the vCenter certificate using any of the following methods:
- From the vCenter server:
- Copy the file rui.crt from the vCenter server to a location accessible on your Delivery Controllers.
- On the Controller, navigate to the location of the exported certificate and open the rui.crt file.
- Download the certificate using a web browser. If you are using Internet Explorer, depending on your user account, you may need to right-click on Internet Explorer and choose Run as Administrator to download or install the certificate.
- Open your web browser and make a secure web connection to the vCenter server; for example https://vcenter1.demo1.com
- Accept the security warnings.
- Click on the address bar where it shows the certificate error.
- View the certificate and click on the Details tab.
- Select Copy to file and export in .CER format, providing a name when prompted to do so.
- Save the exported certificate.
- Navigate to the location of the exported certificate and open the .CER file.
- Import directly from Internet Explorer running as an administrator:
- Open your web browser and make a secure web connection to the vCenter server; for example https://vcenter1.demo1.com.
- Accept the security warnings.
- Click on the address bar where it shows the certificate error.
- View the certificate.
- Import the certificate into the certificate store on each of your Controllers:
- Click Install certificate, select Local Machine, and then click Next.
- Select Place all certificates in the following store, and then click Browse.
- If you are using Windows Server 2012 or Windows Server 2012 R2:
- Select Trusted People, then click OK.
- Click Next, then click Finish.
Please note that if you are using an older OS version of Windows Server like 2008, then do the following:
If you are using Windows Server 2008 R2:
- Select the Show physical stores check box.
- Select Local Computer.
- Expand Trusted People Folder
- Click Next, then click Finish
Important: If you change the name of the vSphere server after installation, you must generate a new self-signed certificate on that server before importing the new certificate.
Thanks to my colleague and vExpert buddy – Oivind Ekeberg @oekeberg