After successfully installing JMP Server, you must perform several tasks to set up the TLS server certificates that are signed by a valid Certificate Authority (CA) for use with the JMP Server instance.
In addition to the tasks outlined in this topic, the following diagram provides a visual summary of the main steps required to configure the certificates for JMP Server. To configure each certificate successfully, follow the detailed steps in the topics that follow this overview. For the tasks that are marked as optional, determine whether you need to perform them to make your JMP Server configuration more secure. After you complete the certificate configurations, you must restart the three JMP Server services using the Windows Services Manager.
If TLS/SSL is enabled in your SQL Server, ensure that the TLS/SSL certificate has been imported into the JMP Server host's local certificate store.
Replace the TLS server certificate that the JMP Server installer generated.
The default server certificate that the JMP Server installer generated is self-signed and unrecognized by your organization's network. Replace the self-signed certificate with a valid TLS certificate that you obtained from a CA. See Replace the Default TLS Certificate.
If your organization does not have a valid TLS Web server certificate, obtain a signed TLS server certificate from a CA. Refer to the information in Scenarios for Setting Up TLS Certificates for Horizon 7.
If an intermediate CA signed your organization's server certificates, configure JMP Server to use your organization's certificate chain file, ca-chain.cert.pem, to help JMP Server authenticate other servers in your network. See Configure JMP Server to Use a Certificate Chain File.
Note: If a root CA trusted by NodeJS signed your organization's TLS server certificates directly, you do not need to provide a certificate chain file or the root certificate file, ca.cert.pem.
Obtain the CA certificate that was used to sign the certificate for the Active Directory server, store it in an adCA.pem file, and add the file to the JMP Server XMS configuration folder. See Configure JMP Server to Use the Certificate for Active Directory for details.
Export the CA-signed certificate for Horizon Connection Server into a horizon.cert.pem file and add the file into the JMP Server home folder. See Configure JMP Server to Use the Horizon Connection Server Certificate for details.
With the horizon.cert.pem file, JMP Server can authenticate Connection Server as a trustworthy server to which it can connect.
Note: You must finish this task for each Connection Server pod that interfaces with the JMP Server instance. The contents of each exported CA-signed certificate must be appended to the same horizon.cert.pem file.
If you are assigning App Volumes AppStacks when creating JMP assignments, configure your JMP Server instance to use the App Volumes Manager instance's self-signed certificate so that it can securely communicate with the App Volumes Manager instance. See Configure JMP Server to Use the App Volumes Manager Certificate.
(Optional) Replace the default cipher suites that your JMP Server instance supports with ciphers that your organization supports. See Configuring Cipher Suites for JMP Server.
(Optional) Enable a more restrictive Cross-Origin Resource Sharing (CORS) policy on your JMP Server for more secure communication with your Horizon 7 Connection Server instance. See Use a More Restrictive CORS Policy on Your JMP Server.
Restart the three JMP Server services using the Windows Services Manager.
After you configure the server certificates, you can proceed to Horizon Console to configure the JMP settings and begin using the JMP Integrated Workflow features. See "Configure JMP Settings for the First Time" in VMware Horizon Console Administration.
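Appending each pod's exported certificate to the same horizon.cert.pem file, as the Connection Server step requires, breaks the bundle if the existing file has no trailing newline, because the END and BEGIN markers end up fused on one line. The following Python code is an added example, not VMware code: the function names are hypothetical, it assumes one certificate per exported file, and the sample certificates are constructed stand-ins rather than real X.509 data.

```python
import base64
import hashlib
import re

# One PEM certificate block; BEGIN and END markers must sit on their own lines.
PEM_BLOCK = re.compile(
    r"^-----BEGIN CERTIFICATE-----\r?\n(.+?)\r?\n-----END CERTIFICATE-----[ \t\r]*$",
    re.S | re.M,
)

def fingerprints(bundle: str) -> list:
    """Return the SHA-256 fingerprint of each certificate in a PEM bundle."""
    begins = bundle.count("-----BEGIN CERTIFICATE-----")
    blocks = PEM_BLOCK.findall(bundle)
    if len(blocks) != begins:
        # Typical cause: appending to a file with no trailing newline, which
        # fuses "-----END CERTIFICATE-----" with the next BEGIN marker.
        raise ValueError(f"malformed bundle: {begins} BEGIN markers, {len(blocks)} valid blocks")
    return [hashlib.sha256(base64.b64decode("".join(b.split()), validate=True)).hexdigest()
            for b in blocks]

def append_certificate(bundle: str, new_pem: str) -> str:
    """Append one exported certificate to the bundle text, skipping duplicates."""
    existing = set(fingerprints(bundle))
    added = fingerprints(new_pem)
    if len(added) != 1:  # assumption of this example: one certificate per export
        raise ValueError("expected exactly one certificate in the exported file")
    if added[0] in existing:
        return bundle
    if bundle and not bundle.endswith("\n"):
        bundle += "\n"  # keep END and BEGIN markers on separate lines
    return bundle + new_pem.strip() + "\n"

def fake_pem(der: bytes) -> str:
    """Constructed stand-in: PEM armor around arbitrary bytes, not real X.509."""
    body = base64.encodebytes(der).decode().strip()
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----"

if __name__ == "__main__":
    pod_a, pod_b = fake_pem(b"pod-A " * 20), fake_pem(b"pod-B " * 20)
    bundle = append_certificate("", pod_a)
    bundle = append_certificate(bundle, pod_b)
    bundle = append_certificate(bundle, pod_a)  # duplicate export, ignored
    print(len(fingerprints(bundle)), "certificates in the horizon.cert.pem text")
```

Running fingerprints over the finished file before restarting the JMP Server services confirms that the number of certificates matches the number of Connection Server pods. The check covers only PEM structure and duplicates; it does not validate the certificates themselves.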