Replace the default TLS certificate installed by the JMP Server installer with your organization's TLS certificate that is signed by a Certificate Authority (CA).

After you successfully install the JMP Server instance, you can access it using the Horizon Console on a Web browser. However, if your network does not recognize the default TLS certificate that was installed, the Web browser's security alert dialog box appears when you configure the JMP settings for the first time. Although you can use the default, self-signed certificate for testing purposes, to ensure a secure connection with the JMP Server instance, replace the default certificate and key with a CA-signed TLS certificate and private key.

Important:

If you decide to name the certificate and key files with filenames that are different from the default names created by the JMP Server installer, you must modify the JMP Server NGINX configuration file to use the new filenames.

Prerequisites

  • Install JMP Server. See Install JMP Server.

  • Obtain a CA-signed TLS certificate and replace the default TLS certificate installed by the JMP Server installer. You can use certificate tools, such as Microsoft Certreq or OpenSSL on Windows, to generate a certificate. Refer to information in "Obtaining TLS Certificates from a Certificate Authority" in Scenarios for Setting Up TLS Certificates for Horizon 7.

Procedure

  1. In the JMP Server host, stop the three JMP Server services using the Windows Services Manager tool.
    1. Right-click the Windows Start icon and select Run.
    2. In the Run dialog box, type services.msc in the Open text box, and click OK.
    3. Locate the following three JMP Server services in the Services (Local) pane of the Services window and for each service, click Stop.
      • VMware JMP API Service

      • VMware JMP File Share Service

      • VMware JMP Platform Services

  2. Save your CA-signed TLS server certificate file as jmp_self_vmware.com.crt in the NGINX configuration folder on the JMP Server host.

    For example: C:\Program Files (x86)\VMware\JMP\com\XMS\nginx\conf\jmp_self_vmware.com.crt

  3. Save the CA-signed TLS server certificate's accompanying private key as jmp_self_vmware.com.key.

    For example: C:\Program Files (x86)\VMware\JMP\com\XMS\nginx\conf\jmp_self_vmware.com.key

  4. (Optional) If you want to use filenames that are different from the expected certificate filenames, jmp_self_vmware.com.crt or jmp_self_vmware.com.key, you must modify the NGINX configuration file with the new filenames.
    1. Open the C:\Program Files (x86)\VMware\JMP\com\XMS\nginx\conf\nginx.conf configuration file.
    2. Locate the occurrences of the jmp_self_vmware.com.crt and jmp_self_vmware.com.key properties and replace them with the new filenames you had selected.
    3. Save the nginx.conf file.

Results

You can now securely access the JMP Integrated Workflow features without the Web browser security alert dialog box appearing.

What to do next

If an intermediate CA signed your organization's entire certificate chain, configure your JMP Server instance to use a certificate chain file. See Configure JMP Server to Use a Certificate Chain File. If not, proceed to configure your JMP Server instance to use the certificate for Active Directory. See Configure JMP Server to Use the Certificate for Active Directory.